CVE-2023-46214

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions below 9.0.7 and 9.1.2

Description The issue is related to the improper sanitization of extensible stylesheet language transformations (XSLT) supplied by users in Splunk Enterprise. This allows an attacker to upload malicious XSLT, potentially resulting in remote code execution on the Splunk Enterprise instance. There are over 120,000 publicly exposed Splunk instances, making them vulnerable to this issue.

Recommendations For Splunk Enterprise versions below 9.0.7, update to version 9.0.7 or later. For Splunk Enterprise versions below 9.1.2, update to version 9.1.2 or later. As a temporary workaround, consider restricting access to the XSLT functionality until a patch is applied.