Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product

Splunk announced on November 2 the release of a new set of quarterly patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.

Splunk announced on November 2 the release of a new set of quarterly patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.

The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.

Tracked as CVE-2022-43571 and CVE-2022-43567, the RCE vulnerabilities can be exploited by authenticated attackers to execute code via the dashboard PDF generation component or via crafted requests sent to the mobile alerts feature of the Splunk Secure Gateway app.

The XXE injection vulnerability, CVE-2022-43570, can be exploited to cause Splunk Web to embed incorrect documents into an error. A workaround for the flaw consists of disabling Splunk Web and restricting who can upload lookup files.

Splunk Enterprise versions with Splunk Web enabled are vulnerable to a reflected XSS (CVE-2022-43568) “via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio”, Splunk says. Disabling Splunk Web mitigates this vulnerability.

With a CVSS score of 8.1, the next two high-severity vulnerabilities are described as risky command protection bypasses that can be exploited if the attacker phishes the victim by tricking them into initiating a request in the browser.

The first of the flaws (CVE-2022-43563) impacts the ‘rex’ search command’s handling of field names, while the second issue (CVE-2022-43565) was found in the ‘tstats’ command’s handling of JSON files.

Splunk also resolved a persistent XSS in the object name of a Data Model (CVE-2022-43569), a risky command safeguards bypass in the Analytics Workspace (CVE-2022-43566), and an indexing blockage or denial-of-service (DoS) condition in Splunk-to-Splunk (S2S) and HTTP Event Collector (HEC) protocols (CVE-2022-43572).

Advertisement. Scroll to continue reading.

Additionally, Splunk resolved two medium-severity issues (DoS via crafted search macros and XSS via the ‘power’ Splunk role) and one low-severity flaw (remote, unauthenticated host header injection).

All vulnerabilities have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2. Additional details on these issues can be found on Splunk’s product security page.

The next quarterly security updates are scheduled for February 7, 2023.

Related: Quarterly Security Patches Released for Splunk Enterprise

Related: Critical Code Execution Vulnerability Patched in Splunk Enterprise

Related: SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.