Lucene search
HistoryAug 30, 2023 - 5:15 p.m.
CVE-2023-40597
splunk
enterprise
cve-2023-40597
absolute path traversal
arbitrary code execution
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
Affected configurations
Node
splunksplunkRange8.2.0–8.2.12enterprise
ORsplunksplunkRange9.0.0–9.0.6enterprise
ORsplunksplunkMatch9.1.0enterprise
ORsplunksplunk_cloud_platformRange≤9.0.2305.100
CNA Affected
[
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"version": "8.2",
"status": "affected",
"versionType": "custom",
"lessThan": "8.2.12"
},
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.6"
},
{
"version": "9.1",
"status": "affected",
"versionType": "custom",
"lessThan": "9.1.1"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"version": "-",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.2305.200"
}
]
}
]Related
prion
prion
Path traversal
2023-08-30 17:15:00
cvelist
cvelist
nessus
nessus
nvd
nvd
CVE-2023-40597
2023-08-30 17:15:10
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
Related for CVE-2023-40597