CVE-2023-40595

Summary

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise8.2 < 8.2.12affected
SplunkSplunk Enterprise9.0 < 9.0.6affected
SplunkSplunk Enterprise9.1 < 9.1.1affected
SplunkSplunk Cloud- < 9.0.2305.200affected

Weaknesses

  • CWE-502: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

ADP Enrichment

CVE Program Container

Additional References

References