CVE-2023-46214: Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

8.0 CVSS

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Classification

CVE ID: CVE-2023-46214

CVSS Base Severity: HIGH

CVSS Base Score: 8.0

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 17.51% (probability of being exploited)

EPSS Percentile: 96.14% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-1104
https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/
https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/

Timeline

2024-12-11 00:30:50 UTC
CVE

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing