Security Advisory

CVE-2023-40598

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-30 16:19:28

Last updated 2025-02-28 11:03:41

Assigner Splunk

State PUBLISHED

Description

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.

← Browse all CVEs View on cve.org ↗