CVE-2023-40595

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 30, 2023
Updated: Apr 10, 2024
CWE ID 502

Summary

CVE-2023-40595 is a high-severity vulnerability (CVSS 3.1 score 8.8) affecting Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. An attacker can exploit it by submitting a specially crafted query. The query allows the attacker to serialize untrusted data, leading to arbitrary code execution. This poses a significant risk to affected Splunk Enterprise installations, so users should apply the necessary patches or upgrades as soon as possible.


Affected Products

  • Splunk Cloud
  • Splunk Enterprise Security

Affected Vendors

  • Splunk