CVE-2022-43564 – Denial of Service in Splunk Enterprise through search macros
https://notcve.org/view.php?id=CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que puede crear macros de búsqueda y programar informes de búsqueda puede provocar una denegación de servicio mediante el uso de macros de búsqueda especialmente manipulados. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-43563 – Risky command safeguards bypass via rex search command field names in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando de búsqueda rex maneja los nombres de los campos permite a un atacante omitir las protecciones de SPL para comandos riesgosos https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/ Salvaguardias SPL. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html • CWE-20: Improper Input Validation •
CVE-2022-43562 – Host Header Injection in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, Splunk Enterprise no valida ni escapa correctamente el encabezado del Host, lo que podría permitir que un usuario remoto autenticado realice varios ataques contra el sistema, incluidos Cross-Site Scripting y envenenamiento de caché. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-43571 – Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43571
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar código arbitrario a través del componente de generación de PDF del dashboard. • https://github.com/ohnonoyesyes/CVE-2022-43571 https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-43561 – Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43561
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instancias con Splunk Web habilitado. • https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •