CVE-2022-43569 – Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede inyectar y almacenar secuencias de comandos arbitrarias que pueden generar Cross-Site Scripting (XSS) persistentes en el nombre del objeto de un Modelo de Datos. • https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43568 – Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43568
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. En las versiones de Splunk Enterprise anteriores a 8.1.12, 8.2.9 y 9.0.2, una vista permite un Reflect Cross Site Scripting a través de JavaScript Object Notation (JSON) en un parámetro de consulta cuando output_mode=radio. • https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43567 – Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
https://notcve.org/view.php?id=CVE-2022-43567
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway. • https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html • CWE-502: Deserialization of Untrusted Data •
CVE-2022-43566 – Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html • CWE-20: Improper Input Validation •
CVE-2022-43565 – Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando ?tstats maneja la Notación de Objetos JavaScript (JSON) permite a un atacante eludir las protecciones de SPL para comandos con riesgo https://docs.splunk.com/Documentation/SplunkCloud/ último/Security/SPLsafeguards. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html • CWE-20: Improper Input Validation •