CVE-2022-43561 – Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43561
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instancias con Splunk Web habilitado. • https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37437 – Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation
https://notcve.org/view.php?id=CVE-2022-37437
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions. Cuando son usadas Acciones de Ingesta para configurar un destino que reside en Amazon Simple Storage Service (S3) en Splunk Web, la comprobación del certificado TLS no es lleva a cabo correctamente ni es comprobada para el destino. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html • CWE-295: Improper Certificate Validation •
CVE-2022-37438 – Information disclosure via the dashboard drilldown in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. En las versiones de Splunk Enterprise de la siguiente tabla, un usuario autenticado puede diseñar un panel de control que podría filtrar información (por ejemplo, nombre de usuario, correo electrónico y nombre real) sobre los usuarios de Splunk, cuando es visitado por otro usuario por medio del componente drilldown. La vulnerabilidad requiere el acceso del usuario para crear y compartir cuadros de mando usando Splunk Web. • https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •