CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43563 – Risky command safeguards bypass via rex search command field names in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43563
04 Nov 2022 — In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que... • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43562 – Host Header Injection in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43562
04 Nov 2022 — In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, Splunk Enterprise no valida ni escapa correctamente el encabezado del Host, lo que podría permitir que un usuario remoto autenticado realice varios ataques contra ... • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 2CVE-2022-43571 – Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43571
03 Nov 2022 — In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar código arbitrario a través del componente de generación de PDF del dashboard. • https://github.com/ohnonoyesyes/CVE-2022-43571 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-43561 – Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43561
03 Nov 2022 — In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instanc... • https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37439 – Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
https://notcve.org/view.php?id=CVE-2022-37439
16 Aug 2022 — In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexación de un archivo ZIP especialmente diseñado mediante la entrada de monitorización de archivos puede resultar en ... • https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37438 – Information disclosure via the dashboard drilldown in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-37438
16 Aug 2022 — In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. En las versiones de Splunk Enterprise de la siguiente tabla, un usuario autenticado puede diseñar un panel de control que podría filtrar información (por ejem... • https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32158 – Splunk Enterprise deployment servers allow client publishing of forwarder bundles
https://notcve.org/view.php?id=CVE-2022-32158
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. Los servidores de despliegue de Splunk Enterprise en versiones anteriores a la 8.1.10.1, 8.2.6.1 y 9.0 permiten a los clientes desplegar pa... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32157 – Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads
https://notcve.org/view.php?id=CVE-2022-32157
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulne... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32155 – Universal Forwarder management services allows remote login by default
https://notcve.org/view.php?id=CVE-2022-32155
15 Jun 2022 — In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allo... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32154 – Risky commands warnings in Splunk Enterprise Dashboards
https://notcve.org/view.php?id=CVE-2022-32154
15 Jun 2022 — Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •