CVE-2023-40594
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
Affected configurations
CNA Affected
[
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"version": "8.2",
"status": "affected",
"versionType": "custom",
"lessThan": "8.2.12"
},
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.6"
},
{
"version": "9.1",
"status": "affected",
"versionType": "custom",
"lessThan": "9.1.1"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"version": "-",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.2303.100"
}
]
}
]Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%