CVE-2022-43567 – Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
https://notcve.org/view.php?id=CVE-2022-43567
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway. • https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html • CWE-502: Deserialization of Untrusted Data •
CVE-2022-43566 – Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html • CWE-20: Improper Input Validation •
CVE-2022-43565 – Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando ?tstats maneja la Notación de Objetos JavaScript (JSON) permite a un atacante eludir las protecciones de SPL para comandos con riesgo https://docs.splunk.com/Documentation/SplunkCloud/ último/Security/SPLsafeguards. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html • CWE-20: Improper Input Validation •
CVE-2022-43564 – Denial of Service in Splunk Enterprise through search macros
https://notcve.org/view.php?id=CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que puede crear macros de búsqueda y programar informes de búsqueda puede provocar una denegación de servicio mediante el uso de macros de búsqueda especialmente manipulados. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-43563 – Risky command safeguards bypass via rex search command field names in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando de búsqueda rex maneja los nombres de los campos permite a un atacante omitir las protecciones de SPL para comandos riesgosos https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/ Salvaguardias SPL. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html • CWE-20: Improper Input Validation •