HTTP: Splunk Enterprise getJobAsset Arbitrary File Write

This signature detects attempts to exploit a known vulnerability against Splunk Enterprise. A successful attack can lead to arbitrary code execution.

Extended Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, user-supplied extensible stylesheet language transformations (XSLT) are not safely sanitized. An attacker can upload malicious XSLT, which can result in remote code execution on the Splunk Enterprise instance.

Affected Products

Splunk splunk

Short Name: HTTP:CTS:SPLUNK-ENT-FILE-WRT
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Arbitrary CVE-2023-46214 Enterprise File Splunk Write getJobAsset
Release Date: 01/05/2024
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3667
False Positive: Unknown
Vendors

Splunk
