CVE-2022-43570 – XML External Entity Injection through a custom View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede realizar una inyección de entidad externa (XXE) en lenguaje de marcado extensible (XML) a través de una Vista personalizada. La inyección XXE hace que Splunk Web incruste documentos incorrectos en un error. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-43569 – Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede inyectar y almacenar secuencias de comandos arbitrarias que pueden generar Cross-Site Scripting (XSS) persistentes en el nombre del objeto de un Modelo de Datos. • https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43568 – Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43568
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. En las versiones de Splunk Enterprise anteriores a 8.1.12, 8.2.9 y 9.0.2, una vista permite un Reflect Cross Site Scripting a través de JavaScript Object Notation (JSON) en un parámetro de consulta cuando output_mode=radio. • https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43567 – Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
https://notcve.org/view.php?id=CVE-2022-43567
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway. • https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html • CWE-502: Deserialization of Untrusted Data •
CVE-2022-43566 – Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html • CWE-20: Improper Input Validation •