CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-43568 – Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43568
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. En las versiones de Splunk Enterprise anteriores a 8.1.12, 8.2.9 y 9.0.2, una vista permite un Reflect Cross Site Scripting a través de JavaScript Object Notation (JSON) en un parámetro de consulta cuando output_mode=radio. • https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-43567 – Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
https://notcve.org/view.php?id=CVE-2022-43567
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway. • https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2022-43566 – Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43562 – Host Header Injection in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, Splunk Enterprise no valida ni escapa correctamente el encabezado del Host, lo que podría permitir que un usuario remoto autenticado realice varios ataques contra el sistema, incluidos Cross-Site Scripting y envenenamiento de caché. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-43571 – Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43571
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar código arbitrario a través del componente de generación de PDF del dashboard. • https://github.com/ohnonoyesyes/CVE-2022-43571 https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •