CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

Published: Aug 30, 2023
Updated: Sep 2, 2023
CVE: CVE-2023-40597
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
splunk / splunk_cloud_platform	-	9.0.2305.100.x
splunk / splunk	9.1.0	9.1.0.x
splunk / splunk	8.2.0	8.2.12
splunk / splunk	9.0.0	9.0.6

https://advisory.splunk.com/advisories/SVD-2023-0806
https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/

Vulnerability Database

289,697

CVE-2023-40597