Splunk Enterprise is a platform for collecting, storing, analyzing and visualizing large amounts of data. It is used to monitor and analyze the operation of IT infrastructure and to obtain operational information about business processes.
On February 14, the company announced an update for Splunk Enterprise that fixes many high-severity vulnerabilities.
The most critical vulnerabilities that the update fixes are CVE-2023-22939, CVE-2023-22934 and CVE-2023-22935. They can lead to a bypass of the Search Processing Language (SPL) safeguards for risky commands. Two more vulnerabilities are cross-site scripting (XSS) issues: CVE-2023-22932 and CVE-2023-22933.
Fixes for several medium-severity vulnerabilities were also issued. Some of these can lead to information disclosure, sending of email on behalf of Splunk, upload of lookup tables with unnecessary filename extensions, and server-side request forgery (SSRF).
Other fixed medium-severity issues can lead to overwriting of existing RSS feeds, Splunk daemon crashes, unauthorized updates to KV Store collections in the SSG app and incorrect reversion of requests to third-party APIs to