CVE-2023-32706: Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication

7.7 CVSS

Description

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.

Classification

CVE ID: CVE-2023-32706

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 27.42% (share of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-0601

Timeline