CVSS: 9.0EPSS: 26%CPEs: 4EXPL: 2CVE-2022-43571 – Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43571
03 Nov 2022 — In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar código arbitrario a través del componente de generación de PDF del dashboard. • https://github.com/ohnonoyesyes/CVE-2022-43571 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-43561 – Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43561
03 Nov 2022 — In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instanc... • https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37437 – Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation
https://notcve.org/view.php?id=CVE-2022-37437
16 Aug 2022 — When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulne... • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37439 – Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
https://notcve.org/view.php?id=CVE-2022-37439
16 Aug 2022 — In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexación de un archivo ZIP especialmente diseñado mediante la entrada de monitorización de archivos puede resultar en ... • https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37438 – Information disclosure via the dashboard drilldown in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-37438
16 Aug 2022 — In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. En las versiones de Splunk Enterprise de la siguiente tabla, un usuario autenticado puede diseñar un panel de control que podría filtrar información (por ejem... • https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32158 – Splunk Enterprise deployment servers allow client publishing of forwarder bundles
https://notcve.org/view.php?id=CVE-2022-32158
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. Los servidores de despliegue de Splunk Enterprise en versiones anteriores a la 8.1.10.1, 8.2.6.1 y 9.0 permiten a los clientes desplegar pa... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32157 – Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads
https://notcve.org/view.php?id=CVE-2022-32157
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulne... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32155 – Universal Forwarder management services allows remote login by default
https://notcve.org/view.php?id=CVE-2022-32155
15 Jun 2022 — In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allo... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32154 – Risky commands warnings in Splunk Enterprise Dashboards
https://notcve.org/view.php?id=CVE-2022-32154
15 Jun 2022 — Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32153 – Splunk Enterprise lacked TLS host name validation
https://notcve.org/view.php?id=CVE-2022-32153
15 Jun 2022 — Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, up... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •