CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37439 – Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
https://notcve.org/view.php?id=CVE-2022-37439
16 Aug 2022 — In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexación de un archivo ZIP especialmente diseñado mediante la entrada de monitorización de archivos puede resultar en ... • https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37438 – Information disclosure via the dashboard drilldown in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-37438
16 Aug 2022 — In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. En las versiones de Splunk Enterprise de la siguiente tabla, un usuario autenticado puede diseñar un panel de control que podría filtrar información (por ejem... • https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32158 – Splunk Enterprise deployment servers allow client publishing of forwarder bundles
https://notcve.org/view.php?id=CVE-2022-32158
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. Los servidores de despliegue de Splunk Enterprise en versiones anteriores a la 8.1.10.1, 8.2.6.1 y 9.0 permiten a los clientes desplegar pa... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32157 – Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads
https://notcve.org/view.php?id=CVE-2022-32157
15 Jun 2022 — Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulne... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32155 – Universal Forwarder management services allows remote login by default
https://notcve.org/view.php?id=CVE-2022-32155
15 Jun 2022 — In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allo... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32154 – Risky commands warnings in Splunk Enterprise Dashboards
https://notcve.org/view.php?id=CVE-2022-32154
15 Jun 2022 — Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32153 – Splunk Enterprise lacked TLS host name validation
https://notcve.org/view.php?id=CVE-2022-32153
15 Jun 2022 — Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, up... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32152 – Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default
https://notcve.org/view.php?id=CVE-2022-32152
15 Jun 2022 — Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, up... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32151 – Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default
https://notcve.org/view.php?id=CVE-2022-32151
15 Jun 2022 — The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to S... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32156 – Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation
https://notcve.org/view.php?id=CVE-2022-32156
14 Jun 2022 — In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk... • https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI • CWE-295: Improper Certificate Validation •