Splunk Enterprise Updates Patch High-Severity Vulnerabilities


Tuesday saw the release of upgrades for Splunk Enterprise that fix a number of high-severity flaws, including security issues affecting the product’s use of third-party packages.

The most serious flaws are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two problems that could allow dangerous instructions to circumvent search processing language (SPL) protections. Both issues call for a high-privileged user to submit a request in their browser and affect instances with Splunk Web enabled.

Read More…