Security Experts:

Connect with us

Hi, what are you looking for?



Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product

Splunk announced on November 2 the release of a new set of quarterly patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.

Splunk announced on November 2 the release of a new set of quarterly patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.

The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.

Tracked as CVE-2022-43571 and CVE-2022-43567, the RCE vulnerabilities can be exploited by authenticated attackers to execute code via the dashboard PDF generation component or via crafted requests sent to the mobile alerts feature of the Splunk Secure Gateway app.

The XXE injection vulnerability, CVE-2022-43570, can be exploited to cause Splunk Web to embed incorrect documents into an error. A workaround for the flaw consists of disabling Splunk Web and restricting who can upload lookup files.

Splunk Enterprise versions with Splunk Web enabled are vulnerable to a reflected XSS (CVE-2022-43568) “via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio”, Splunk says. Disabling Splunk Web mitigates this vulnerability.

With a CVSS score of 8.1, the next two high-severity vulnerabilities are described as risky command protection bypasses that can be exploited if the attacker phishes the victim by tricking them into initiating a request in the browser.

The first of the flaws (CVE-2022-43563) impacts the ‘rex’ search command’s handling of field names, while the second issue (CVE-2022-43565) was found in the ‘tstats’ command’s handling of JSON files.

Splunk also resolved a persistent XSS in the object name of a Data Model (CVE-2022-43569), a risky command safeguards bypass in the Analytics Workspace (CVE-2022-43566), and an indexing blockage or denial-of-service (DoS) condition in Splunk-to-Splunk (S2S) and HTTP Event Collector (HEC) protocols (CVE-2022-43572).

Additionally, Splunk resolved two medium-severity issues (DoS via crafted search macros and XSS via the ‘power’ Splunk role) and one low-severity flaw (remote, unauthenticated host header injection).

All vulnerabilities have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2. Additional details on these issues can be found on Splunk’s product security page.

The next quarterly security updates are scheduled for February 7, 2023.

Related: Quarterly Security Patches Released for Splunk Enterprise

Related: Critical Code Execution Vulnerability Patched in Splunk Enterprise

Related: SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.