Aaron Devaney

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 8.2.12 **Description** A malicious actor can send a malformed security assertion markup language (SAML) request to the "/saml/acs" REST endpoint, causing a denial of service through a crash or hang of the Splunk daemon. **Recommendations** For versions prior to 9.0.6, update to version 9.0.6 or later to resolve the issue. For versions prior to 8.2.12, update to version 8.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/saml/acs" REST endpoint to minimize the risk of exploitation.