PT-2023-27527 · Splunk · Splunk Enterprise

Aaron Devaney

Publicado

2023-08-30

Atualizado

2024-04-10

CVE-2023-40593

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 8.2.12

Description A malicious actor can send a malformed security assertion markup language (SAML) request to the "/saml/acs" REST endpoint, causing a denial of service through a crash or hang of the Splunk daemon.

Recommendations For versions prior to 9.0.6, update to version 9.0.6 or later to resolve the issue. For versions prior to 8.2.12, update to version 8.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/saml/acs" REST endpoint to minimize the risk of exploitation.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2023-40593

Produtos afetados

Splunk Enterprise

PT-2023-27527 · Splunk · Splunk Enterprise

CVE-2023-40593

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5