CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40594 – Denial of Service (DoS) via the ‘printf’ Search Function
https://notcve.org/view.php?id=CVE-2023-40594
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. • https://advisory.splunk.com/advisories/SVD-2023-0803 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40592 – Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
https://notcve.org/view.php?id=CVE-2023-40592
30 Aug 2023 — In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. • https://advisory.splunk.com/advisories/SVD-2023-0801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40595 – Remote Code Execution via Serialized Session Payload
https://notcve.org/view.php?id=CVE-2023-40595
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. • https://advisory.splunk.com/advisories/SVD-2023-0804 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40598 – Command Injection in Splunk Enterprise Using External Lookups
https://notcve.org/view.php?id=CVE-2023-40598
30 Aug 2023 — In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. • https://advisory.splunk.com/advisories/SVD-2023-0807 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-306: Missing Authentication for Critical Function •