Description
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
CVSS breakdown (CVSS 3.1)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Splunk / Splunk Cloud Platform: 9.0.2303 and below – 9.0.2303.100
- Splunk / Splunk Enterprise: 8.1 – 8.1.14
- Splunk / Splunk Enterprise: 8.2 – 8.2.11
- Splunk / Splunk Enterprise: 9.0 – 9.0.5
References
- VENDOR_ADVISORY: https://advisory.splunk.com/advisories/SVD-2023-0601