3 matches found
CVE-2023-40595
CVE-2023-40595 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue arises from a deserialization flaw in the Splunk Web interface that allows an attacker to send a specially crafted query to serialize untrusted data, enabling arbitrary code execution. Exploitation details in co...
CVE-2023-40595 Remote Code Execution via Serialized Session Payload
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code...
Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0804)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0804 advisory. - In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that the...