Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Splunk Enterprise Updates Patch High-Severity Vulnerabilities

Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages.

Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects impacting third-party packages used by the product.

The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a high-privileged user to make a request in their browser.

CVE-2023-22934, another SPL safeguards bypass in Splunk Enterprise, requires an authenticated user to craft a saved job before a request is made in the browser.

Splunk also released patches for two high-severity cross-site scripting (XSS) vulnerabilities (CVE-2023-22932 and CVE-2023-22933) and has released additional resources to hunt for signs of malicious exploitation.

Patches were also released for multiple medium-severity vulnerabilities in Splunk Enterprise, some of which could lead to information disclosure, the sending of emails as the Splunk instance, the upload of lookup tables with unnecessary filename extensions, and server-side request forgery (SSRF).

Other patched medium-severity issues could result in the overwrite of existing RSS feeds, Splunk daemon crashes, unauthorized updates to SSG App Key Value Store collections, and in requests to third-party APIs incorrectly reverting to HTTP.

Splunk also informs users that its products are not affected by the Text4Shell (CVE-2022-42889) vulnerability in the Apache Common Text JavaScript library, which could be exploited to execute arbitrary code.

However, patches were released for multiple vulnerabilities in third-party libraries in Splunk Enterprise, the most severe of which are CVE-2021-3518 (CVSS score of 8.8) and CVE-2021-3517 (CVSS score of 8.6), two bugs in the XML documents parsing library libxml2.

The issues are described as use-after-free and out-of-bounds read flaws, respectively, and can be exploited by submitting a crafted file to be processed by a vulnerable application. Successful exploitation could impact availability, confidentiality, and integrity of applications.

Splunk also resolved CVE-2022-32212 (CVSS score of 8.1), an OS command injection in Node.js, and CVE-2022-24785 and CVE-2022-31129, a path traversal flaw and an inefficient parsing algorithm issue in Moment.js, a JavaScript library for dates parsing, formatting, manipulation, and validation.

Other third-party package bugs addressed in Splunk Enterprise this week include CVE-2021-28957 (an XSS vulnerability in python-lxml’s clean module) and CVE-2021-3537 (a NULL dereference flaw in the libxml2).

Splunk Enterprise versions 8.1.13, 8.2.10, and 9.0.4 contain patches for all the vulnerabilities above. Users are advised to update to a patched iteration as soon as possible. Additional information on the resolved issues can be found on Splunk’s security advisories page.

Related: Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product

Related: Quarterly Security Patches Released for Splunk Enterprise

Related: Critical Code Execution Vulnerability Patched in Splunk Enterprise

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.