What is CVE-2023-46214?

A high-severity vulnerability has been identified in Splunk Enterprise versions below 9.0.7 and 9.1.2, allowing attackers to execute remote code. Immediate action is needed to mitigate risks associated with this flaw.

What is the severity of CVE-2023-46214?

CVE-2023-46214 has a severity rating of HIGH with a CVSS base score of 8.

CVE-2023-46214 | High Vulnerability in Splunk Enterprise

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

The CVSS score for this vulnerability is 8.8, indicating it is of high severity. Organizations using the affected versions of Splunk Enterprise are at significant risk, as this could lead to unauthorized access and manipulation of data, potentially impacting confidentiality, integrity, and availability.

Risk to organizations includes potential remote code execution, which could allow attackers to take complete control of the Splunk instance. Given the nature of the vulnerability, organizations should prioritize patching immediately.

Currently, there are no known exploits in the wild, but the potential for remote code execution makes it critical for organizations to remediate this vulnerability without delay.

Organizations should assess their deployments and take necessary steps to ensure they are running a patched version of Splunk Enterprise.

Vulnerability Details

In Splunk Enterprise versions below 9.0.7 and 9.1.2, the application fails to properly sanitize user-supplied XSLT, allowing an attacker to upload malicious stylesheets. This vulnerability is classified under CWE-91 (XML Injection). The CVSS version 3.1 score is 8.8, indicating high severity with a base score of 8.8.

The vulnerability impacts Splunk's cloud and enterprise products, which can be exploited via network access with low privileges and requires user interaction to trigger.

Technical Analysis

The root cause of this vulnerability is the inadequate sanitization of user-supplied XSLT, which can lead to arbitrary code execution on the server. The attack vector is network-based, and the complexity is rated as high, requiring some user interaction to exploit.

The attacker needs to have low privileges and requires user interaction. If successfully exploited, confidentiality, integrity, and availability are all impacted at high levels.

Risk & Impact Analysis

The risk associated with this vulnerability is significant, as it allows for remote code execution which could lead to a complete compromise of the affected systems. Organizations using vulnerable versions of Splunk Enterprise face potential unauthorized access to sensitive data, operational disruptions, and severe reputational damage.

With a CVSS score of 8.8, organizations should address this vulnerability in their priority patch cycle. The potential for exploitation increases the urgency for remediation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include Splunk Enterprise versions below 9.0.7 and 9.1.2. Organizations using these versions must upgrade to the latest patched releases to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Organizations should prioritize upgrading to Splunk Enterprise versions 9.0.7 or 9.1.2 or later. If immediate patching is not feasible, implementing strict input validation and network controls can mitigate some risks while waiting for the official fixes.

For comprehensive security, consider engaging in penetration testing to identify and remediate potential vulnerabilities.

Detection Guidance

Monitoring logs for unusual XSLT uploads and behavioral anomalies can aid in detecting potential exploitation attempts. Implement network signatures to detect and block malicious traffic targeting vulnerable Splunk instances.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to expose organizations to severe operational risks. Security teams should recognize the trend of vulnerabilities related to inadequate input sanitization, particularly in systems that handle user-generated content.

For organizations using cloud services, performing regular security assessments is critical. Evaluating the effectiveness of security practices against evolving threats allows teams to improve their defenses.

For further reading, organizations can explore vulnerability management best practices and the importance of proactive security measures.

Additionally, leveraging penetration testing methodologies can help identify weaknesses in application security.

Finally, understanding the implications of XSLT vulnerabilities can steer teams toward better coding practices and enhanced security protocols.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-46214: High Vulnerability in Splunk Enterprise