Splunk version 4.1.5 contains fixes for two security vulnerabilities:
- Splunk’s XML Parser is vulnerable to XXE (SPL-31061) (CVE-2010-3322)
- SPLUNKD_SESSION_KEY parameter allows session hijacking (SPL-31094) (CVE-2010-3323)
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been exploited. Splunk recommends that customers upgrade any instances of Splunk running Splunk Web, such as index and search servers, to the latest maintenance release as soon as possible.
Splunk also recommends that you apply as many components of the Splunk Hardening Standards as possible to mitigate the risk and impact of exploitation.