CVE-2023-40594 – Denial of Service (DoS) via the ‘printf’ Search Function
https://notcve.org/view.php?id=CVE-2023-40594
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. • https://advisory.splunk.com/advisories/SVD-2023-0803 https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-40592 – Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
https://notcve.org/view.php?id=CVE-2023-40592
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. • https://advisory.splunk.com/advisories/SVD-2023-0801 https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40595 – Remote Code Execution via Serialized Session Payload
https://notcve.org/view.php?id=CVE-2023-40595
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. • https://advisory.splunk.com/advisories/SVD-2023-0804 https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db • CWE-502: Deserialization of Untrusted Data •
CVE-2023-40598 – Command Injection in Splunk Enterprise Using External Lookups
https://notcve.org/view.php?id=CVE-2023-40598
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. • https://advisory.splunk.com/advisories/SVD-2023-0807 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-306: Missing Authentication for Critical Function •