Protect Your Data and Boost Compliance: DPDP Act and Cybersecurity for Indian Manufacturers

Register Today
splunk-advisory-2023

Splunk, a leading provider of data analytics and security solutions, recently released security advisories addressing potential vulnerabilities related to Splunk Enterprise. These advisories highlight the importance of staying vigilant and proactive when it comes to cybersecurity.

Specifically, the advisories highlight six high severity vulnerabilities and eight medium severity vulnerabilities related to Splunk Web, which is often configured in an organization's environment. These vulnerabilities could potentially allow an attacker to execute arbitrary code or obtain sensitive information, including credentials or system configuration details. 

To address these vulnerabilities, organizations that have configured Splunk Web in their environment are strongly encouraged to upgrade to version 9.0.4 of Splunk Enterprise. This version includes a patch that specifically addresses the vulnerabilities related to Splunk Web.

For organizations that use Splunk Cloud Platform, it's important to note that Splunk Support will handle the necessary updates to address these vulnerabilities.

It's crucial for organizations to take proactive measures to ensure the security of their systems, including implementing strong access controls, regularly monitoring system logs for suspicious activity, and performing regular vulnerability assessments and penetration testing. 

The Splunk security advisories provide valuable information about potential vulnerabilities and steps that organizations can take to mitigate risk. By staying informed about potential threats and taking proactive measures to address them, organizations can better protect their sensitive data and reduce the risk of a cyber attack.  

For reference, below is the list of high severity and medium severity vulnerabilities related to Splunk Web published by Splunk

SVD-2023 CVE Description Component Affected Version Fixed Version Action to be Taken Severity
0202 2023-22932 Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise

Splunk Enterprise: 9.0.0 to 9.0.3

Splunk Cloud: 9.0.2209 and lower

Splunk Enterprise: 9.0.4

Splunk Cloud: 9.0.2209.3

Splunk Enterprise: Upgrade to 9.0.4 or higher

Splunk Support will upgrade splunk Cloud Instances

High
0204  2023-22934 SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise Splunk Enterprise-Splunk Web High
0205 2023-22935 SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise Splunk Enterprise-Splunk Web High
0209 2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise Splunk Enterprise-Splunk Web High
0215 2021-21419, 2021-28957, 2022-24785, 2022-31129, 2022-32212, 2015-20107, 2021-3517, 2021-3537, 2021-3518 February Third Party Package Updates in Splunk Enterprise Splunk Enterprise-Splunk Web High
0203 2023-22933 Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise Splunk Enterprise-Splunk Web

Splunk Enterprise: 8.1.12 and lower, 8.2.0 to 8.2.9, 9.0. to 9.0.3

Splunk Cloud: 9.0.2208 and lower

Splunk Enterprise: 8.1.13, 8.2.10, 9.0.4

Splunk Cloud: 9.0.2209

Splunk Enterprise: Upgrade to 8.1.13, 8.2.10, 9.0.4, or higher.

Splunk Support will upgrade splunk Cloud Instances

High
0201 2023-22931 ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise Search

Splunk Enterprise: 8.2.0 to 8.0.9 & 8.1.12 and lower

Splunk Cloud: 8.2.2202 and lower

Splunk Enterprise: 8.1.13, 8.2.10

Splunk Cloud: 8.2.2203

Upgrade to 8.1.13, 8.2.10- Splunk Enterprise

Splunk Support will upgrade splunk Cloud Instances

Medium
0206 2023-22936 Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise Splunk Enterprise-Splunk Web Medium
0207 2023-22937 Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise Splunk Enterprise-Splunk Web Medium
0208 2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise Splunk Enterprise-Splunk Web Medium
0210 2023-22940 SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise Splunk Enterprise-Splunk Web Medium
0211 2023-22941 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon Splunk Enterprise-Splunk Web Medium
0212 2023-22942 Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise Splunk Enterprise-Splunk Web Medium
0213 2023-22943 Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK

Splunk Add-On Builder (4.1)

4.1.1 and lower

4.1.2 Upgrade to Splunk Add-on Builder 4.1.2  or higher Medium

Splunk CloudConnect SDK (3.1)

3.1.2 and lower

3.1.3 Upgrade to Splunk CloudConnect SDK 3.1.3

This author is a tech writer in Positka writing amazing blogs on latest smart security tech.

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.