CVE-2023-40598

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 8.2.12 Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 9.1.1

Description The issue is related to the Splunk Web interface of the Splunk Enterprise platform for operational analysis. It is associated with the failure to clean up data at the management level due to the use of the outdated runshellscript command. Exploitation of this issue may allow a remote attacker to execute arbitrary commands. An attacker can create an external lookup that calls a legacy internal function, allowing them to insert code into the Splunk platform installation directory and execute arbitrary code on the Splunk platform instance.

Recommendations For versions prior to 8.2.12, update to version 8.2.12 or later. For versions prior to 9.0.6, update to version 9.0.6 or later. For versions prior to 9.1.1, update to version 9.1.1 or later.