cvelistv5 - cve-2022-43567

CVE-2022-43567 (GCVE-0-2022-43567)

Vulnerability from cvelistv5 – Published: 2022-11-04 22:21 – Updated: 2025-05-05 20:34

Summary

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

Splunk

References

URL

Tags

	https://www.splunk.com/en_us/product-security/ann…
	https://research.splunk.com/application/baa41f09-…

Impacted products

	Vendor	Product	Version
	Splunk	Splunk Enterprise	Affected: 8.1 , < 8.1.12 (custom) Affected: 8.2 , < 8.2.9 (custom) Affected: 9.0 , < 9.0.2 (custom)

Credits

Danylo Dmytriiev (DDV_UA)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:59.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43567",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-05T20:33:23.307535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T20:34:05.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "8.1.12",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.9",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.2",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Danylo Dmytriiev (DDV_UA)"
        }
      ],
      "datePublic": "2022-11-02T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-04T22:21:50.819Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
        },
        {
          "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
        }
      ],
      "source": {
        "advisory": "SVD-2022-1107",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-43567",
    "datePublished": "2022-11-04T22:21:50.819Z",
    "dateReserved": "2022-10-20T18:37:09.182Z",
    "dateUpdated": "2025-05-05T20:34:05.121Z",
    "requesterUserId": "d03a2723-f9e2-46d2-8173-16ee7d33f715",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.1.12\", \"matchCriteriaId\": \"697F9803-FC99-4149-A4E5-55A3A8CB1D18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndExcluding\": \"8.2.9\", \"matchCriteriaId\": \"07617B0C-3704-4DB5-B416-94B77A5C2EEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.0.2\", \"matchCriteriaId\": \"867EFF29-96B9-44EF-93CE-8E7DB77B086E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.2205\", \"matchCriteriaId\": \"8E99A24B-2F6D-4688-BAFA-8E40A5954875\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\\n\"}, {\"lang\": \"es\", \"value\": \"En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la funci\\u00f3n de alertas m\\u00f3viles en la aplicaci\\u00f3n Splunk Secure Gateway.\"}]",
      "id": "CVE-2022-43567",
      "lastModified": "2024-11-21T07:26:48.057",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-11-04T23:15:10.147",
      "references": "[{\"url\": \"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43567\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-11-04T23:15:10.147\",\"lastModified\":\"2024-11-21T07:26:48.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\\n\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la funci\u00f3n de alertas m\u00f3viles en la aplicaci\u00f3n Splunk Secure Gateway.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.12\",\"matchCriteriaId\":\"697F9803-FC99-4149-A4E5-55A3A8CB1D18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.9\",\"matchCriteriaId\":\"07617B0C-3704-4DB5-B416-94B77A5C2EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.2\",\"matchCriteriaId\":\"867EFF29-96B9-44EF-93CE-8E7DB77B086E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.2205\",\"matchCriteriaId\":\"8E99A24B-2F6D-4688-BAFA-8E40A5954875\"}]}]}],\"references\":[{\"url\":\"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:32:59.758Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43567\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-05T20:33:23.307535Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T20:33:38.121Z\"}}], \"cna\": {\"title\": \"Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature\", \"source\": {\"advisory\": \"SVD-2022-1107\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Danylo Dmytriiev (DDV_UA)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1\", \"lessThan\": \"8.1.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2\", \"lessThan\": \"8.2.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.0.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2022-11-02T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html\"}, {\"url\": \"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIn Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"shortName\": \"Splunk\", \"dateUpdated\": \"2022-11-04T22:21:50.819Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43567\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T20:34:05.121Z\", \"dateReserved\": \"2022-10-20T18:37:09.182Z\", \"assignerOrgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"datePublished\": \"2022-11-04T22:21:50.819Z\", \"requesterUserId\": \"d03a2723-f9e2-46d2-8173-16ee7d33f715\", \"assignerShortName\": \"Splunk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-986

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.1.x antérieures à 8.1.12
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.9
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.0.x antérieures à 9.0.2211
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.2

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-1102 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1106 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1104 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1101 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1113 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1112 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1109 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1111 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1103 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1105 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1110 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1107 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1108 du 02 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.9",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.0.x ant\u00e9rieures \u00e0 9.0.2211",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-43566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43566"
    },
    {
      "name": "CVE-2022-43563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43563"
    },
    {
      "name": "CVE-2022-43571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43571"
    },
    {
      "name": "CVE-2022-43568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43568"
    },
    {
      "name": "CVE-2022-43569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43569"
    },
    {
      "name": "CVE-2022-43564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43564"
    },
    {
      "name": "CVE-2022-43561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43561"
    },
    {
      "name": "CVE-2022-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43565"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2022-43572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43572"
    },
    {
      "name": "CVE-2022-43570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43570"
    },
    {
      "name": "CVE-2022-43567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43567"
    },
    {
      "name": "CVE-2022-43562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43562"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-986",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-03T00:00:00.000000"
    },
    {
      "description": "Correction num\u00e9ro de CVE : CVE-2022-36518 remplac\u00e9 par CVE-2020-36518",
      "revision_date": "2022-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1102 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1106 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1104 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1101 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1113 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1113.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1112 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1112.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1109 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1111 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1103 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1105 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1110 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1107 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1108 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html"
    }
  ]
}

CERTFR-2022-AVI-986

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.1.x antérieures à 8.1.12
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.9
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.0.x antérieures à 9.0.2211
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.2

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-1102 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1106 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1104 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1101 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1113 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1112 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1109 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1111 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1103 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1105 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1110 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1107 du 02 novembre 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-1108 du 02 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.12",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.9",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.0.x ant\u00e9rieures \u00e0 9.0.2211",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-43566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43566"
    },
    {
      "name": "CVE-2022-43563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43563"
    },
    {
      "name": "CVE-2022-43571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43571"
    },
    {
      "name": "CVE-2022-43568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43568"
    },
    {
      "name": "CVE-2022-43569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43569"
    },
    {
      "name": "CVE-2022-43564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43564"
    },
    {
      "name": "CVE-2022-43561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43561"
    },
    {
      "name": "CVE-2022-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43565"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2022-43572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43572"
    },
    {
      "name": "CVE-2022-43570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43570"
    },
    {
      "name": "CVE-2022-43567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43567"
    },
    {
      "name": "CVE-2022-43562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43562"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-986",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-03T00:00:00.000000"
    },
    {
      "description": "Correction num\u00e9ro de CVE : CVE-2022-36518 remplac\u00e9 par CVE-2020-36518",
      "revision_date": "2022-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1102 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1106 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1104 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1101 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1113 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1113.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1112 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1112.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1109 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1111 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1103 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1105 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1110 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1107 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-1108 du 02 novembre 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html"
    }
  ]
}

WID-SEC-W-2022-1950

Vulnerability from csaf_certbund - Published: 2022-11-02 23:00 - Updated: 2022-12-27 23:00

Summary

Splunk Enterprise: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um Code zur Ausführung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1950 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1950.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1950 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1950"
      },
      {
        "category": "external",
        "summary": "psytester Blog vom 2022-12-27",
        "url": "https://psytester.github.io/CVE-2022-43571_SPLUNK_RCE/"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1112.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2022-11-02",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1113.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2022-12-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:37:30.387+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-1950",
      "initial_release_date": "2022-11-02T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-11-02T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-11-03T23:00:00.000+00:00",
          "number": "2",
          "summary": "Schreibfehler korrigiert"
        },
        {
          "date": "2022-12-27T23:00:00.000+00:00",
          "number": "3",
          "summary": "PoC f\u00fcr CVE-2022-43571 aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise \u003c 8.1.12",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 8.1.12",
                  "product_id": "T025214",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.1.12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise \u003c 8.2.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 8.2.9",
                  "product_id": "T025215",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise \u003c 9.0.2",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 9.0.2",
                  "product_id": "T025216",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2022-43561",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43561"
    },
    {
      "cve": "CVE-2022-43562",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43562"
    },
    {
      "cve": "CVE-2022-43563",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43563"
    },
    {
      "cve": "CVE-2022-43564",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43564"
    },
    {
      "cve": "CVE-2022-43565",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43565"
    },
    {
      "cve": "CVE-2022-43566",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43566"
    },
    {
      "cve": "CVE-2022-43567",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43567"
    },
    {
      "cve": "CVE-2022-43568",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43568"
    },
    {
      "cve": "CVE-2022-43569",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43569"
    },
    {
      "cve": "CVE-2022-43570",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43570"
    },
    {
      "cve": "CVE-2022-43571",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43571"
    },
    {
      "cve": "CVE-2022-43572",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig."
        }
      ],
      "release_date": "2022-11-02T23:00:00.000+00:00",
      "title": "CVE-2022-43572"
    }
  ]
}

GSD-2022-43567

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-43567

Aliases

CVE-2022-43567

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43567",
    "id": "GSD-2022-43567"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43567"
      ],
      "details": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.",
      "id": "GSD-2022-43567",
      "modified": "2023-12-13T01:19:31.477590Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "ID": "CVE-2022-43567",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "8.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Danylo Dmytriiev (DDV_UA)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-502",
                "lang": "eng",
                "value": "CWE-502 Deserialization of Untrusted Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html",
            "refsource": "MISC",
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
          },
          {
            "name": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/",
            "refsource": "MISC",
            "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2022-1107",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.2",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.9",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.12",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.2205",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "ID": "CVE-2022-43567"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-07-06T14:47Z",
      "publishedDate": "2022-11-04T23:15Z"
    }
  }
}

FKIE_CVE-2022-43567

Vulnerability from fkie_nvd - Published: 2022-11-04 23:15 - Updated: 2024-11-21 07:26

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
prodsec@splunk.com	https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/	Exploit, Vendor Advisory
prodsec@splunk.com	https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html	Vendor Advisory

Impacted products

Vendor	Product	Version
splunk	splunk	*
splunk	splunk	*
splunk	splunk	*
splunk	splunk_cloud_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "697F9803-FC99-4149-A4E5-55A3A8CB1D18",
              "versionEndExcluding": "8.1.12",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "07617B0C-3704-4DB5-B416-94B77A5C2EEE",
              "versionEndExcluding": "8.2.9",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "867EFF29-96B9-44EF-93CE-8E7DB77B086E",
              "versionEndExcluding": "9.0.2",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E99A24B-2F6D-4688-BAFA-8E40A5954875",
              "versionEndExcluding": "9.0.2205",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\n"
    },
    {
      "lang": "es",
      "value": "En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la funci\u00f3n de alertas m\u00f3viles en la aplicaci\u00f3n Splunk Secure Gateway."
    }
  ],
  "id": "CVE-2022-43567",
  "lastModified": "2024-11-21T07:26:48.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-04T23:15:10.147",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-768C-QX9V-R6H3

Vulnerability from github – Published: 2022-11-05 12:00 – Updated: 2022-11-09 12:00

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-04T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.",
  "id": "GHSA-768c-qx9v-r6h3",
  "modified": "2022-11-09T12:00:24Z",
  "published": "2022-11-05T12:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43567"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43567 (GCVE-0-2022-43567)

CERTFR-2022-AVI-986

Solution

CERTFR-2022-AVI-986

Solution

WID-SEC-W-2022-1950

GSD-2022-43567

FKIE_CVE-2022-43567

GHSA-768C-QX9V-R6H3

Tags

Sightings

Nomenclature