PT-2023-27527 · Splunk · Splunk Enterprise
Aaron Devaney
+1
·
Published
2023-08-30
·
Updated
2024-04-10
·
CVE-2023-40593
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.0.6
Splunk Enterprise versions prior to 8.2.12
Description
A malicious actor can send a malformed security assertion markup language (SAML) request to the "/saml/acs" REST endpoint, causing a denial of service through a crash or hang of the Splunk daemon.
Recommendations
For versions prior to 9.0.6, update to version 9.0.6 or later to resolve the issue.
For versions prior to 8.2.12, update to version 8.2.12 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/saml/acs" REST endpoint to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Enterprise