SB2023060726 - Multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform
Published: June 7, 2023
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-22940)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an SPL command safeguards bypass in the aliases of the "collect" SPL command. A remote user can gain access to sensitive information on the system.
2) Uncaught Exception (CVE-ID: CVE-2023-22941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncaught exception in the "INGEST_EVAL" parameter. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
3) Improper Authorization (CVE-ID: CVE-2023-22938)
The vulnerability allows a remote attacker to bypass the authorization mechanisms.
The vulnerability exists due to a permissions validation failure in the "sendemail" REST API endpoint. A remote user can send an email as the Splunk instance.
Remediation
Install the update from the vendor's website.
References
- https://advisory.splunk.com/advisories/SVD-2023-0210
- https://research.splunk.com/endpoint/ee69374a-d27e-4136-adac-956a96ff60fd
- https://advisory.splunk.com/advisories/SVD-2023-0211
- https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/
- https://advisory.splunk.com/advisories/SVD-2023-0208