In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2023-11-16T20:15:25.838Z
Updated: 2024-09-04T20:27:06.685Z
Reserved: 2023-10-18T17:02:51.236Z
Link: CVE-2023-46214
Vulnrichment
Updated: 2024-08-02T20:37:40.138Z
NVD
Status : Modified
Published: 2023-11-16T21:15:08.630
Modified: 2024-04-10T01:15:16.693
Link: CVE-2023-46214
Redhat
No data.