Description
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Splunk / Splunk Cloud9.0.2305.200
- Splunk / Splunk Enterprise8.2 – 8.2.12
- Splunk / Splunk Enterprise9.0 – 9.0.6
- Splunk / Splunk Enterprise9.1 – 9.1.1
Updated 3m ago · 2 sources