The Latest in IT Security

Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence

31
Aug
2023
Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence

image credit: adobe stock

The most severe of the bugs resolved in Splunk Enterprise this month is CVE-2023-40595 (CVSS score of 8.8), which is described as a remote code execution issue exploitable using crafted queries.

“The exploit requires the use of the collect SPL command which writes a file within the Splunk Enterprise installation. The attacker can then use this file to submit a serialized payload that can result in execution of code within the payload,” Splunk explains in an advisory.

Next in line is CVE-2023-40598, a command injection vulnerability impacting a legacy internal function, which could be exploited to execute arbitrary code.

Read More

Comments are closed.

Categories

MONDAY, JUNE 17, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments