Log4j vulnerability splunk
2/17/2024

Splunk Add-on for Google Cloud Platform. Third Party Package Update in Splunk Add-on for Google Cloud Platform

Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

In Splunk Enterprise versions below 9.0.7 and 9.1.2, the “Show syntax highlighted” feature of the Search page does not effectively escape log file characters. This vulnerability lets an attacker craft a log file which can execute unauthorized Javascript code in the browser of a user that interacts with events in the malicious log file in a specific way.

Upgrade Splunk Enterprise to versions 9.0.7 or 9.1.2. Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Do not use the “Show syntax highlighted” feature in the Search page on imported log files whose origins you are not familiar with. If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See (()) and the (()) file in the Splunk documentation for more information on disabling Splunk Web.

Splunk rates this vulnerability a 4.8, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. If the Splunk Enterprise instance does not run Splunk Web, it is not affected and this vulnerability can be considered Informational.

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Upgrade Splunk Enterprise to either 9.0.7 or 9.1.2.

If you cannot upgrade, limit the ability of search job requests to accept XML stylesheet language (XSL) as valid input. Edit the `web.conf` configuration file and add the following configuration on instances where you want to limit the ability of search job requests to accept XSL:

```
enableSearchJobXslt = false
```

For more information on modifying the web.conf configuration file, see () and the () configuration specification. For earlier Splunk Enterprise versions, review the web.conf specification for availability of the `enableSearchJobXslt` setting.

Splunk rates this vulnerability a 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

November 2023 Third Party Package updates in Splunk Enterprise

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the following:

CVE-2021-22570 - protobuf - Upgraded to 3.15.8

For Splunk Enterprise, upgrade versions to 9.0.7 or 9.1.2.

November 2023 Third-Party Package Updates in Splunk Enterprise

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version of Splunk Enterprise Cloud. Splunk is actively upgrading and monitoring instances of Splunk Enterprise Cloud.

November 2023 Splunk Universal Forwarder Third-Party Updates

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the following:

CVE-2022-31799 - bottle - Upgraded to 0.12.25
CVE-2023-24329 - python - Upgraded to 3.7.17
CVE-2023-3817 - openssl - Upgraded to 1.0.2zi
CVE-2023-3446 - openssl - Upgraded to 1.0.2zi

For Splunk Universal Forwarder, upgrade versions to 9.0.7 or 9.1.2.

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.
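An added example, not part of the original post or of Splunk's advisory: a Python check that combines the fixed versions (9.0.7 and 9.1.2) with the `enableSearchJobXslt` mitigation described above for the XSLT remote code execution issue. It assumes the input is the instance's effective `web.conf` text; the function names, the sample text and the `[settings]` stanza name are assumptions of this example.

```python
import re

# Fixed releases named in the advisory text above, keyed by release branch.
FIXED = {(9, 0): (9, 0, 7), (9, 1): (9, 1, 2)}
KEY = "enableSearchJobXslt"

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "<no stanza>"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep:
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def xslt_disabled(conf_text):
    """True only if the key is present and every occurrence is 'false'."""
    values = [kv[KEY] for kv in parse_conf(conf_text).values() if KEY in kv]
    return bool(values) and all(v.lower() == "false" for v in values)

def version_affected(version):
    """True/False for the 9.0 and 9.1 branches, None for any other branch."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED.get(parts[:2])
    return None if fixed is None else parts < fixed

def assess(version, conf_text):
    affected = version_affected(version)
    if affected is None:
        return "review"  # other branches: check that the setting exists there
    if not affected:
        return "patched"
    return "mitigated" if xslt_disabled(conf_text) else "exposed"

# Constructed sample inputs; the [settings] stanza name is an assumption.
SAMPLE_MITIGATED = "[settings]\nhttpport = 8000\nenableSearchJobXslt = false\n"
SAMPLE_DEFAULT = "[settings]\nhttpport = 8000\n"

if __name__ == "__main__":
    for ver, conf in [("9.0.5", SAMPLE_MITIGATED), ("9.0.5", SAMPLE_DEFAULT), ("9.1.2", SAMPLE_DEFAULT)]:
        print(ver, assess(ver, conf))
```

A result of "review" corresponds to the text's instruction to check the web.conf specification for earlier versions, where the setting may not be available.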