Splunk · Splunk Enterprise · CVE-2024-45731
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise for Windows versions prior to 9.3.1
Splunk Enterprise for Windows versions prior to 9.2.3
Splunk Enterprise for Windows versions prior to 9.1.6
Description:
The issue is caused by improper limitation of a pathname to a restricted directory. A low-privileged user who does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. This could lead to an arbitrary file write and remote code execution.
Recommendations:
For versions prior to 9.3.1, update to version 9.3.1 or later.
For versions prior to 9.2.3, update to version 9.2.3 or later.
For versions prior to 9.1.6, update to version 9.1.6 or later.