cve-2022-37437
Vulnerability from cvelistv5
Published
2022-08-16 19:50
Modified
2024-09-16 20:03
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation
References
prodsec@splunk.comhttps://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.htmlMitigation, Vendor Advisory
Impacted products
SplunkSplunk Enterprise
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:21.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Eric LaMothe at Splunk"
        },
        {
          "lang": "en",
          "value": "Ali Mirheidari at Splunk"
        }
      ],
      "datePublic": "2022-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-16T19:50:29",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"
        }
      ],
      "source": {
        "advisory": "SVD-2022-0801",
        "defect": [
          "SPL-224209"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "DATE_PUBLIC": "2022-08-16T16:00:00.000Z",
          "ID": "CVE-2022-37437",
          "STATE": "PUBLIC",
          "TITLE": "Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "9.0",
                            "version_value": "9.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Eric LaMothe at Splunk"
          },
          {
            "lang": "eng",
            "value": "Ali Mirheidari at Splunk"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"
            }
          ]
        },
        "source": {
          "advisory": "SVD-2022-0801",
          "defect": [
            "SPL-224209"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-37437",
    "datePublished": "2022-08-16T19:50:29.832023Z",
    "dateReserved": "2022-08-05T00:00:00",
    "dateUpdated": "2024-09-16T20:03:48.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-37437\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-08-16T21:15:13.523\",\"lastModified\":\"2022-08-18T19:01:11.127\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.\"},{\"lang\":\"es\",\"value\":\"Cuando son usadas Acciones de Ingesta para configurar un destino que reside en Amazon Simple Storage Service (S3) en Splunk Web, la comprobaci\u00f3n del certificado TLS no es lleva a cabo correctamente ni es comprobada para el destino. La vulnerabilidad s\u00f3lo afecta a las conexiones entre Splunk Enterprise y un destino de Ingest Actions por medio de Splunk Web y s\u00f3lo es aplicado a entornos que han configurado la comprobaci\u00f3n de certificados TLS. No es aplicado a destinos configurados directamente en el archivo de configuraci\u00f3n outputs.conf. La vulnerabilidad afecta a Splunk Enterprise versi\u00f3n 9.0.0 y no afecta a versiones anteriores a 9.0.0, incluyendo las versiones 8.1.x y 8.2.x.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"9A6A63F1-B7A3-4D3D-8366-29C38A5B48BD\"}]}]}],\"references\":[{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.