Vulnerability Details CVE-2023-40592
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 8.4
References
Products affected by CVE-2023-40592
-
cpe:2.3:a:splunk:splunk:8.2.0
-
cpe:2.3:a:splunk:splunk:8.2.10
-
cpe:2.3:a:splunk:splunk:8.2.9
-
cpe:2.3:a:splunk:splunk:9.0.0
-
cpe:2.3:a:splunk:splunk:9.0.3
-
cpe:2.3:a:splunk:splunk:9.0.4
-
cpe:2.3:a:splunk:splunk:9.1.0
-
cpe:2.3:a:splunk:splunk_cloud_platform:-
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203
-
cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209
-
cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209.3
-
cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2305.100