It’s no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization’s reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica scandal to the Equifax data breach, there have been some pretty high-profile leaks resulting in massive Read More
Related Posts
Splunk RCE Vulnerability Let Attackers Upload Malicious File
Splunk RCE Vulnerability Let Attackers Upload Malicious File
A high-severity Remote Code Execution (RCE) flaw in Splunk Enterprise has been discovered, enabling an attacker to upload malicious files.
Versions of Splunk Enterprise less than 9.0.7 and 9.1.2 do not properly sanitize user-supplied extended stylesheet language transformations (XSLT). This implies that a malicious XSLT can be uploaded by an attacker, which may cause remote code execution on the Splunk Enterprise instance.
Specifics of the Splunk RCE Flaw
With a CVSSv3.1 Score of 8.0, this vulnerability is categorized as high severity and tracked as CVE-2023-46214.
“In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply”, according to Splunk advisory.
The attack can be triggered remotely, and the modification causes an XML injection. Because the product does not appropriately neutralize XML’s special elements, attackers may modify the XML commands, content, or syntax before an end system processes it.
Document
Free Webinar
Live API Attack Simulation Webinar
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway
According to a researcher who outlines the process for identifying the vulnerability using the full proof of concept exploit and the CVE description, the following steps were followed:
Crafted valid XSL file
Determined requirements to reach vuln code
Identified vulnerable endpoint
Predictable upload file location
Know where to write script
Execute script
Fixed Version
Recommendation
It is recommended that users update to Splunk Enterprise version 9.0.7 or 9.1.2.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
The post Splunk RCE Vulnerability Let Attackers Upload Malicious File appeared first on Cyber Security News.
Cyber Security News
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported
The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.
SecurityWeek RSS Feed
ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
ICS Patch Tuesday: Siemens and Schneider Electric address dozens of vulnerabilities affecting their industrial products.
The post ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability appeared first on SecurityWeek.
SecurityWeek RSS Feed