CVE-2023-46214

HIGH

Splunk Enterprise < 9.0.7 / 9.1.2 - RCE

Title source: llm

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize Extensible Stylesheet Language Transformations (XSLT) supplied by users. An attacker can therefore upload a malicious XSLT document, which can result in remote code execution on the Splunk Enterprise instance.

Exploits (1)

Metasploit module (working PoC, reliability rated excellent)
by nathan, Valentin Lobstein, h00die · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb

Scores

CVSS v3 8.0
EPSS 0.8778
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-91
Status published
Products (2)
splunk/cloud < 9.1.2308
splunk/splunk 9.0.0 - 9.0.7
Published Nov 16, 2023
Tracked Since Feb 18, 2026