Splunk announced on November 2 the release of a new set of quarterly patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.
The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.
All vulnerabilities have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2. Additional details on these issues can be found on Splunk’s product security page.
The next quarterly security updates are scheduled for February 7, 2023.
