This is still a thing in Splunk Enterprise. 

Depending on your environment such as your version, deployment size and production hrs etc, you may find it easier to upgrade to the versions that are safe from this vuln.

These are 8.2.11.2, 9.0.5.1 or 9.1.0.2 for Splunk Enterprise. 

If you do this option, you still need to purge some logs as they may still pose a risk, Splunk recommends removing the log files in $SPLUNK_HOME/var/logs/splunk/

Hope this helps!

Wait a second. Don't push people into:

1) Rushing to upgrades

2) Removing logs

without proper risk analysis.

The CVE score is indeed high but the actual exploitability is limited.

In order to successfuly exploit this vulnerability one would need to first inject the ANSI sequences into the log files and then count on an admin to display this particular part of the log with a non-filtering tool.

The attack surface would depend on many factors such as:

1) Do you allow connectivity to your splunk components from everywhere or just a limited set of hosts?

2) Do you do any local work on the splunk components at all or do you manage them by means of some config management tools (like ansible)?

3) If you check the contents of log files do you use cat/tail/grep or do you use safe tools like less?

So it's not that straightforward - oooooh, you have a RCE vulnerability, go upgrade at once or you're doomed!

Don't spread panic, please.

I'm not saying that you are 100% safe, mind you. Noone responsible will tell you that. Ever. But please approach the situation responsibly and cautiously.