Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-46214

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

  • Published: Nov 16, 2023
  • Updated: Nov 26, 2023
  • CVE: CVE-2023-46214
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
splunk / cloud - 9.1.2308
splunk / splunk 9.1.0 9.1.2
splunk / splunk 9.0.0 9.0.7