Splunk announced patches for 16 vulnerabilities in its Enterprise and Cloud Platform products, including six high-severity bugs. Three of these high-severity issues are remote code execution (RCE) flaws that require authentication for successful exploitation. The first RCE bug affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x and can be mitigated by disabling the ‘splunk_archiver’ application or updating to version 9.2.2. The second RCE bug allows an authenticated attacker to execute a crafted query that serializes untrusted data and results in arbitrary code execution, while the third RCE bug affects the dashboard PDF generation component in the Enterprise and Cloud Platform products.
The other high-severity bugs include a command injection flaw that could allow an authenticated user to create an external lookup that calls a legacy internal function and insert code into the Splunk platform’s installation directory, as well as a path traversal vulnerability in Splunk Enterprise on Windows and a denial-of-service vulnerability in the Enterprise and Cloud Platform products.
The remaining fixes address medium-severity flaws impacting the Enterprise and Cloud Platform products.