{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T18:44:34.163","vulnerabilities":[{"cve":{"id":"CVE-2023-40598","sourceIdentifier":"prodsec@splunk.com","published":"2023-08-30T17:15:10.267","lastModified":"2024-11-21T08:19:47.817","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance."},{"lang":"es","value":"En las versiones de Splunk Enterprise anteriores a 8.2.12, 9.0.6 y 9.1.1, un atacante puede crear una búsqueda externa que llama a una función interna heredada. El atacante puede usar esta función interna para insertar código en el directorio de instalación de la plataforma Splunk. Desde allí, un usuario puede ejecutar código arbitrario en la instancia de la plataforma Splunk."}],"metrics":{"cvssMetricV31":[{"source":"prodsec@splunk.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"prodsec@splunk.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"8.2.12","matchCriteriaId":"5BD4C262-6668-45CC-87E5-ED553D2E4822"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"74A23E71-6A34-48A5-8087-B626BED870E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.1","matchCriteriaId":"81ED9AAF-7EEE-4212-9066-A17E76A75DE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2305.200","matchCriteriaId":"0FCE348A-6B22-458C-8CBD-4B4DF0096429"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2023-0807","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://advisory.splunk.com/advisories/SVD-2023-0807","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}