Multiple Vulnerabilities in Splunk Enterprise Products

Published on 04 Nov 2022

Updated on 04 Nov 2022

Splunk has released security updates to address nine high-severity vulnerabilities in its Splunk Enterprise products.

The vulnerabilities are as follows:

  • CVE-2022-43571 - An authenticated attacker can send a specially crafted request to the affected application and execute arbitrary code remotely on the target system.
  • CVE-2022-43567 - An authenticated attacker can pass specially crafted data to the affected application and execute arbitrary code remotely on the target system.
  • CVE-2022-43570 - An authenticated attacker can pass specially crafted Extensible Markup Language (XML) code to the affected application and view the contents of arbitrary files on the system or initiate requests to external systems.
  • CVE-2022-43568 - An attacker can trick a user into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
  • CVE-2022-43563 - An attacker can trick a user with privileged permissions into visiting a specially crafted web page, perform arbitrary actions on behalf of the user on the vulnerable website, and use the ‘rex’ search command to bypass Search Processing Language (SPL) safeguards for risky commands.
  • CVE-2022-43565 - An attacker can trick a user with privileged permissions into visiting a specially crafted web page, perform arbitrary actions on behalf of the user on the vulnerable website, and bypass implemented SPL restrictions via the ‘tstats’ command.
  • CVE-2022-43569 - An authenticated attacker can inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
  • CVE-2022-43566 - An authenticated attacker can trick a user with privileged permissions to visit a specially crafted web page and perform arbitrary actions on behalf of the user on the vulnerable website.
  • CVE-2022-43572 - An attacker can trigger resource exhaustion by sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer.


The following products are affected by these vulnerabilities:

  • Splunk Enterprise versions 8.1.0 to 8.1.11
  • Splunk Enterprise versions 8.2.0 to 8.2.8
  • Splunk Enterprise versions 9.0.0 to 9.0.1


Administrators and users of affected product versions are advised to upgrade to the latest versions immediately.
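
To find which deployments fall inside the ranges listed above, an inventory of version strings can be triaged as follows. This is an added example, not part of the original advisory or Splunk's tooling; the inventory format, host names and status labels are assumptions. Versions outside the listed ranges are reported as not listed or above the range rather than as safe, because the advisory does not state the fixed versions.

```python
import re

# Affected Splunk Enterprise ranges exactly as listed in this advisory (inclusive).
AFFECTED_RANGES = [
    ((8, 1, 0), (8, 1, 11)),
    ((8, 2, 0), (8, 2, 8)),
    ((9, 0, 0), (9, 0, 1)),
]

# First x.y.z found in the string, e.g. inside "Splunk 8.2.6 (build ...)".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch), or None if no x.y.z version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one inventory version string against the advisory's ranges."""
    version = parse_version(text)
    if version is None:
        return "unparsed"  # needs manual review; never assume safe
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    # Same release line as a listed range, but newer than its upper bound.
    if any(version[:2] == low[:2] and version > high for low, high in AFFECTED_RANGES):
        return "above-listed-range"
    # Release lines the advisory does not mention: status unknown, not safe.
    return "not-listed"


def triage(inventory):
    """Map host -> classification for a {host: version string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and build strings are made up.
    sample = {
        "idx-01": "Splunk 8.2.6 (build 000000000000)",
        "idx-02": "Splunk 8.1.12 (build 000000000000)",
        "sh-01": "Splunk 9.0.1 (build 000000000000)",
        "legacy-01": "8.0.9",
        "hf-01": "version unknown",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:10} {status}")
```
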

More information is available at:

https://www.splunk.com/en_us/product-security.html

https://www.securityweek.com/splunk-patches-9-high-severity-vulnerabilities-enterprise-product