Description
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
CVSS breakdown
CVSS 3.1 base metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Splunk / Splunk Cloud 9.0.2305.200
- Splunk / Splunk Enterprise 8.2 – 8.2.12
- Splunk / Splunk Enterprise 9.0 – 9.0.6
- Splunk / Splunk Enterprise 9.1 – 9.1.1
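Because the fix landed separately on three maintenance branches, a naive "version < 9.1.1" comparison misclassifies 9.0.6 and 8.2.12 as vulnerable and 8.2.13 as fixed. The following is an added example (not Splunk's code) of a branch-aware check for an inventory of Splunk instances, using only the fixed versions and the Cloud build named in this advisory (9.1.1, 9.0.6, 8.2.12, and 9.0.2305.200). Branches the advisory does not mention are reported as "unlisted" rather than assumed safe; the function and constant names are the example's own.

```python
from typing import Dict, List, Tuple

# First fixed version on each Splunk Enterprise branch, taken from the advisory text.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (8, 2): (8, 2, 12),
    (9, 0): (9, 0, 6),
    (9, 1): (9, 1, 1),
}

# Splunk Cloud build the advisory lists as affected (matched exactly).
AFFECTED_CLOUD_BUILDS = {"9.0.2305.200"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.0.5' or '9.0.2305.200' into a tuple of ints; rejects non-numeric input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def enterprise_status(version: str) -> str:
    """Classify a Splunk Enterprise version as 'affected', 'fixed' or 'unlisted'.

    'unlisted' means the advisory names no fix on that branch; treat it as
    "needs a look", not as safe.
    """
    v = parse_version(version)
    if len(v) < 2:
        raise ValueError(f"need at least major.minor: {version!r}")
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return "unlisted"
    # Compare on major.minor.patch only, padding '9.0' to 9.0.0; a fourth
    # component (e.g. 9.0.5.1) does not change which patch level it is on.
    patch = v[:3] + (0,) * (3 - len(v[:3]))
    return "affected" if patch < fixed else "fixed"


def cloud_status(build: str) -> str:
    """Splunk Cloud: the advisory lists one affected build, so match it exactly."""
    parse_version(build)  # validate the format even though we match by string
    return "affected" if build.strip() in AFFECTED_CLOUD_BUILDS else "unlisted"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map (hostname, product, version) rows to (hostname, status).

    product is 'enterprise' or 'cloud'; unknown products raise so a typo in
    the inventory cannot silently drop a host from the report.
    """
    report = []
    for host, product, version in inventory:
        if product == "enterprise":
            report.append((host, enterprise_status(version)))
        elif product == "cloud":
            report.append((host, cloud_status(version)))
        else:
            raise ValueError(f"{host}: unknown product {product!r}")
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("sh-01.example", "enterprise", "9.0.5"),
        ("sh-02.example", "enterprise", "9.0.6"),
        ("sh-03.example", "enterprise", "8.2.13"),
        ("sh-04.example", "enterprise", "9.2.0"),
        ("stack-a.example", "cloud", "9.0.2305.200"),
    ]
    for host, status in triage(sample):
        print(f"{host:20} {status}")
```

The report separates hosts that are below the fixed level on a listed branch from hosts on branches this advisory says nothing about, so the latter can be checked against the vendor's advisory page instead of being closed as fixed.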