Vulnerability-Lookup

CERTFR-2023-AVI-0956

Vulnerability from certfr_avis - Published: 2023-11-17 - Updated: 2023-11-17

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	N/A	Splunk extension pour Google Cloud Platform versions antérieures à 4.3.0
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.1.x antérieures à 9.1.2
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.7
Splunk	N/A	Splunk extension pour Amazon Web Services versions antérieures à 7.2.0
Splunk	N/A	Splunk Cloud versions antérieures à 9.1.2308

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2023-1105 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1101 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1102 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1106 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1103 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1104 du 16 novembre 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-1107 du 16 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk extension pour Google Cloud Platform versions ant\u00e9rieures \u00e0 4.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.7",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk extension pour Amazon Web Services versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.1.2308",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2023-46213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46213"
    },
    {
      "name": "CVE-2023-46214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46214"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2021-22570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2022-31799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31799"
    }
  ],
  "initial_release_date": "2023-11-17T00:00:00",
  "last_revision_date": "2023-11-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0956",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Splunk\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et une injection\nde code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1105 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1105"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1101 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1101"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1102 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1106 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1106"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1103 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1104 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-1107 du 16 novembre 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-1107"
    }
  ]
}

CVE-2023-46213 (GCVE-0-2023-46213)

Vulnerability from cvelistv5 – Published: 2023-11-16 20:15 – Updated: 2025-02-28 11:03

Title

Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page

Summary

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigner

Splunk

References

2 references

URL	Tags
https://advisory.splunk.com/advisories/SVD-2023-1103
https://research.splunk.com/application/1030bc63-…

Impacted products

4 products

Vendor	Product	Version
Splunk	Splunk Enterprise	Affected: 9.0 , < 9.0.7 (custom) Affected: 9.1 , < 9.1.2 (custom)
Splunk	Splunk Cloud	Affected: - , < 9.1.2308 (custom)
splunk	splunk	Affected: 9.0 , < 9.0.7 (semver) Affected: 9.1 , < 9.1.2 (semver) cpe:2.3:a:splunk:splunk:::::enterprise:::*
splunk	splunk_cloud_platform	Affected: - , < 9.1.2308 (semver) cpe:2.3:a:splunk:splunk_cloud_platform:-:::::::*

Date Public

2023-11-16 00:00

Credits

Joshua Neubecker

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.0.7",
                "status": "affected",
                "version": "9.0",
                "versionType": "semver"
              },
              {
                "lessThan": "9.1.2",
                "status": "affected",
                "version": "9.1",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk_cloud_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk_cloud_platform",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.1.2308",
                "status": "affected",
                "version": "-",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T19:29:45.410405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:11.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2023-1103"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.0.7",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.2",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.1.2308",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joshua Neubecker"
        }
      ],
      "datePublic": "2023-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the \u201cShow syntax Highlighted\u201d feature can result in the execution of unauthorized code in a user\u2019s web browser."
            }
          ],
          "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the \u201cShow syntax Highlighted\u201d feature can result in the execution of unauthorized code in a user\u2019s web browser."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T11:03:42.823Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2023-1103"
        },
        {
          "url": "https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/"
        }
      ],
      "source": {
        "advisory": "SVD-2023-1103"
      },
      "title": "Cross-site Scripting (XSS) on \u201cShow Syntax Highlighted\u201d View in Search Page"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2023-46213",
    "datePublished": "2023-11-16T20:15:46.739Z",
    "dateReserved": "2023-10-18T17:02:51.235Z",
    "dateUpdated": "2025-02-28T11:03:42.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-46214 (GCVE-0-2023-46214)

Vulnerability from cvelistv5 – Published: 2023-11-16 20:15 – Updated: 2025-12-16 18:23

Title

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

Summary

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-91 - The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Assigner

Splunk

References

3 references

URL	Tags
https://advisory.splunk.com/advisories/SVD-2023-1104
https://research.splunk.com/application/a053e6a6-…
https://research.splunk.com/application/6cb7e011-…

Impacted products

3 products

Vendor	Product	Version
Splunk	Splunk Enterprise	Affected: 9.0 , < 9.0.7 (custom) Affected: 9.1 , < 9.1.2 (custom)
Splunk	Splunk Cloud	Affected: - , < 9.1.2308 (custom)
splunk	splunk_enterprise	Affected: 9.1 , < 9.1.2 (custom) Affected: 9.0 , < 9.0.7 (custom) cpe:2.3:a:splunk:splunk_enterprise::::::::

Date Public

2023-11-16 00:00

Credits

Alex Hordijk

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:40.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2023-1104"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk_enterprise",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.1.2",
                "status": "affected",
                "version": "9.1",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.7",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk_enterprise",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.1.2",
                "status": "affected",
                "version": "9.1",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.7",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46214",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T13:55:55.284479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:23:23.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.0.7",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.2",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.1.2308",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alex Hordijk"
        }
      ],
      "datePublic": "2023-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance."
            }
          ],
          "value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-91",
              "description": "The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T11:03:52.275Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2023-1104"
        },
        {
          "url": "https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/"
        },
        {
          "url": "https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/"
        }
      ],
      "source": {
        "advisory": "SVD-2023-1104"
      },
      "title": "Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2023-46214",
    "datePublished": "2023-11-16T20:15:25.838Z",
    "dateReserved": "2023-10-18T17:02:51.236Z",
    "dateUpdated": "2025-12-16T18:23:23.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2023-AVI-0956

Solution

CVE-2023-46213 (GCVE-0-2023-46213)

CVE-2023-46214 (GCVE-0-2023-46214)

Tags

Sightings

Nomenclature