CVE-2023-32716

medium

Description

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.

References

https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/

https://advisory.splunk.com/advisories/SVD-2023-0611

Details

Source: Mitre, NVD

Published: 2023-06-01

Updated: 2024-04-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium