Remote Code Execution through dashboard PDF generation component

Advisory ID: SVD-2024-0701


Published: 2024-07-01

Last Update: 2024-07-01

CVSSv3.1 Score: 8.8, High


Bug ID: VULN-15197


In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.203, an authenticated user could execute arbitrary code through the dashboard PDF generation component.

The pdfgen/render REST endpoint uses a vulnerable version of the ReportLab Toolkit (v3.6.1) Python library with a remote code execution vulnerability, as described in Common Vulnerabilities and Exposures (CVE) ID CVE-2023-33733.


Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.

Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
| --- | --- | --- | --- | --- |
| Splunk Enterprise | 9.2 | pdfgen | 9.2.0 to | |
| Splunk Enterprise | 9.1 | pdfgen | 9.1.0 to | |
| Splunk Enterprise | 9.0 | pdfgen | 9.0.0 to | |
| Splunk Cloud Platform | 9.1.2312 | pdfgen | 9.1.2312.100 to 9.1.2312.108 | 9.1.2312.109 |
| Splunk Cloud Platform | 9.1.2308 | pdfgen | Below 9.1.2308.203 | 9.1.2308.203 |
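
The fixed versions stated in this advisory can be checked across an inventory with a numeric, per-branch comparison; a plain string comparison would rank 9.0.10 below 9.0.9. The following is an added example, not part of Splunk's advisory: the inventory format, host names and function names are assumptions made for illustration.

```python
import re

# Fix versions from the advisory text, keyed by (product, release branch).
FIXED = {
    ("enterprise", (9, 2)): (9, 2, 2),
    ("enterprise", (9, 1)): (9, 1, 5),
    ("enterprise", (9, 0)): (9, 0, 10),
    ("cloud", (9, 1, 2312)): (9, 1, 2312, 109),
    ("cloud", (9, 1, 2308)): (9, 1, 2308, 203),
}
BRANCH_LEN = {"enterprise": 2, "cloud": 3}  # components that identify a branch


def parse_version(text):
    """Turn '9.1.2312.108' into (9, 1, 2312, 108); reject non-numeric input."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def triage(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one instance."""
    if product not in BRANCH_LEN:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    fix = FIXED.get((product, v[:BRANCH_LEN[product]]))
    if fix is None:
        return "not-listed"  # branch does not appear in this advisory
    # Pad short versions such as '9.2' so they compare as 9.2.0.
    v = v + (0,) * (len(fix) - len(v))
    return "affected" if v < fix else "fixed"


# Constructed sample inventory (hypothetical hosts): (host, product, version).
SAMPLE_INVENTORY = [
    ("sh01.example.internal", "enterprise", "9.0.9"),
    ("sh02.example.internal", "enterprise", "9.0.10"),
    ("idx01.example.internal", "enterprise", "9.1.4"),
    ("hf01.example.internal", "enterprise", "8.2.12"),
    ("stack-a", "cloud", "9.1.2312.108"),
    ("stack-b", "cloud", "9.1.2308.203"),
]


def affected_hosts(inventory):
    """List the hosts whose version is below the fix for its branch."""
    return [h for h, product, ver in inventory if triage(product, ver) == "affected"]


if __name__ == "__main__":
    for host, product, ver in SAMPLE_INVENTORY:
        print(f"{host:24} {product:10} {ver:14} {triage(product, ver)}")
```

Instances reported as not-listed are on a release branch this advisory does not mention and need to be assessed separately.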

Mitigations and Workarounds




Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.


Alex Chapman (ajxchapman)