CVE-2022-43566 – Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html • CWE-20: Improper Input Validation •
CVE-2022-43565 – Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando ?tstats maneja la Notación de Objetos JavaScript (JSON) permite a un atacante eludir las protecciones de SPL para comandos con riesgo https://docs.splunk.com/Documentation/SplunkCloud/ último/Security/SPLsafeguards. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html • CWE-20: Improper Input Validation •
CVE-2022-43564 – Denial of Service in Splunk Enterprise through search macros
https://notcve.org/view.php?id=CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que puede crear macros de búsqueda y programar informes de búsqueda puede provocar una denegación de servicio mediante el uso de macros de búsqueda especialmente manipulados. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-43563 – Risky command safeguards bypass via rex search command field names in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando de búsqueda rex maneja los nombres de los campos permite a un atacante omitir las protecciones de SPL para comandos riesgosos https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/ Salvaguardias SPL. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html • CWE-20: Improper Input Validation •
CVE-2022-43562 – Host Header Injection in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, Splunk Enterprise no valida ni escapa correctamente el encabezado del Host, lo que podría permitir que un usuario remoto autenticado realice varios ataques contra el sistema, incluidos Cross-Site Scripting y envenenamiento de caché. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •