A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public.
Users are advised to implement the provided patches or workarounds quickly.
Splunk Enterprise is a solution that ingests a variety of data generated by an organization’s business infrastructure and applications. This data is used to generate helpful insights for improving the organization’s security and compliance, application delivery, IT operations, and more.
CVE-2023-46214 stems from Splunk Enterprise’s failure to safely sanitize extensible stylesheet language transformations (XSLT) that users supply.
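An added example, not taken from the article and not Splunk's fix: a generic allowlist check an application can run on a user-supplied stylesheet before handing it to an XSLT processor. The function name, the allowed-instruction policy, the samples and the `urn:example:ext` namespace are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

XSL = "{http://www.w3.org/1999/XSL/Transform}"
# Assumed policy: the only XSLT 1.0 instructions the application needs.
ALLOWED = {"stylesheet", "transform", "output", "template", "apply-templates",
           "value-of", "for-each", "if", "choose", "when", "otherwise",
           "text", "sort", "variable", "param", "with-param", "call-template"}
# document() pulls in other resources; a prefixed call is an extension function.
RISKY_CALL = re.compile(r"\bdocument\s*\(|[\w.-]+:[\w.-]+\s*\(")


def xslt_violations(source: str) -> list[str]:
    """Return reasons to reject a user-supplied stylesheet (empty list = accept)."""
    if "<!DOCTYPE" in source:
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(source)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    found = []
    if root.tag not in (XSL + "stylesheet", XSL + "transform"):
        found.append("root element is not xsl:stylesheet or xsl:transform")
    for el in root.iter():
        if el.tag.startswith(XSL):
            if el.tag[len(XSL):] not in ALLOWED:
                found.append(f"instruction not allowed: {el.tag[len(XSL):]}")
        elif el.tag.startswith("{"):  # any other namespace may be an extension
            found.append(f"foreign-namespace element: {el.tag}")
        for name, value in el.attrib.items():
            if name.endswith("extension-element-prefixes"):
                found.append("extension-element-prefixes declared")
            if RISKY_CALL.search(value):
                found.append(f"risky call in @{name}: {value}")
    return found


# Constructed samples; urn:example:ext is a placeholder namespace.
BENIGN = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><h1><xsl:value-of select="report/title"/></h1></xsl:template>
</xsl:stylesheet>"""
REJECTED = """<xsl:stylesheet version="1.0" xmlns:ext="urn:example:ext"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform" extension-element-prefixes="ext">
  <xsl:import href="other.xsl"/>
  <xsl:template match="/"><ext:action/><xsl:value-of select="document('x.xml')"/></xsl:template>
</xsl:stylesheet>"""
```

A check like this complements patching rather than replacing it; the XSLT processor itself should also run with extension elements, file access and network access disabled where it supports that.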