// For flags

CVE-2022-37437

Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.

Cuando son usadas Acciones de Ingesta para configurar un destino que reside en Amazon Simple Storage Service (S3) en Splunk Web, la comprobación del certificado TLS no es lleva a cabo correctamente ni es comprobada para el destino. La vulnerabilidad sólo afecta a las conexiones entre Splunk Enterprise y un destino de Ingest Actions por medio de Splunk Web y sólo es aplicado a entornos que han configurado la comprobación de certificados TLS. No es aplicado a destinos configurados directamente en el archivo de configuración outputs.conf. La vulnerabilidad afecta a Splunk Enterprise versión 9.0.0 y no afecta a versiones anteriores a 9.0.0, incluyendo las versiones 8.1.x y 8.2.x.

*Credits: Eric LaMothe at Splunk, Ali Mirheidari at Splunk
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-05 CVE Reserved
  • 2022-08-16 CVE Published
  • 2024-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Splunk
Search vendor "Splunk"
Splunk
Search vendor "Splunk" for product "Splunk"
9.0.0
Search vendor "Splunk" for product "Splunk" and version "9.0.0"
enterprise
Affected