Splunk Releases Patches for Multiple High-Severity Vulnerabilities
February 15, 2023
Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects in third-party packages used by the product.

The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Other patched medium-severity issues could result in the overwrite of existing RSS feeds, Splunk daemon crashes, unauthorized updates to SSG App Key Value Store collections, and requests to third-party APIs incorrectly reverting to HTTP.

Splunk also released patches for two high-severity cross-site scripting (XSS) vulnerabilities (CVE-2023-22932 and CVE-2023-22933) and has released additional resources to hunt for signs of malicious exploitation.

Additionally, patches were released for multiple vulnerabilities in third-party libraries in Splunk Enterprise, including CVE-2021-3518 (CVSS score of 8.8) and CVE-2021-3517 (CVSS score of 8.6), two bugs in the XML document parsing library libxml2.

Splunk Enterprise versions 8.1.13, 8.2.10, and 9.0.4 contain patches for all the vulnerabilities, including CVE-2021-28957, CVE-2022-24785, CVE-2022-31129, CVE-2022-32212, and CVE-2023-22934. Users are advised to update to a patched version as soon as possible.