CVE-2023-40598

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*

History

10 Apr 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-30 17:15

Updated : 2024-04-10 01:15


NVD link : CVE-2023-40598

Mitre link : CVE-2023-40598

CVE.ORG link : CVE-2023-40598


JSON object : View

Products Affected

splunk

  • splunk_cloud_platform
  • splunk
CWE
CWE-306

Missing Authentication for Critical Function

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')