Splunk Releases Patches for Multiple High-Severity Vulnerabilities

February 15, 2023

Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects impacting third-party packages used by the product.

The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Other patched medium-severity issues could result in the overwrite of existing RSS feeds, Splunk daemon crashes, unauthorized updates to SSG App Key Value Store collections, and requests to third-party APIs incorrectly reverting to HTTP.

Splunk also released patches for two high-severity cross-site scripting (XSS) vulnerabilities (CVE-2023-22932 and CVE-2023-22933) and has released additional resources to hunt for signs of malicious exploitation.

Additionally, patches were released for multiple vulnerabilities in third-party libraries in Splunk Enterprise, including CVE-2021-3518 (CVSS score of 8.8) and CVE-2021-3517 (CVSS score of 8.6), two bugs in the XML document parsing library libxml2.

Splunk Enterprise versions 8.1.13, 8.2.10, and 9.0.4 contain patches for all the vulnerabilities, including CVE-2021-28957, CVE-2022-24785, CVE-2022-31129, CVE-2022-32212, and CVE-2023-22934. Users are advised to update to a patched version as soon as possible.
