Splunk Patches High-Severity Vulnerabilities in Enterprise Product

Splunk announced patches for 16 vulnerabilities in its Enterprise and Cloud Platform products, including six high-severity bugs. Three of these high-severity issues are remote code execution flaws that require authentication for successful exploitation. The first RCE bug affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x and can be mitigated by disabling the ‘splunk_archiver’ application or updating to version 9.2.2. The second RCE bug allows an authenticated attacker to execute a crafted query to serialize untrusted data and execute arbitrary code, while the third RCE affects the dashboard PDF generation component in Enterprise and Cloud Platform products.

The other high-severity bugs include a command injection flaw that could allow an authenticated user to create an external lookup that calls a legacy internal function and insert code in the Splunk platform’s installation directory, a path traversal vulnerability in Splunk Enterprise on Windows, and a denial-of-service vulnerability in the Enterprise and Cloud Platform products.

The remaining fixes address medium-severity flaws impacting the Enterprise and Cloud Platform products.
