"Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product"

Splunk recently released patches for Splunk Enterprise, which include fixes for nine high-severity vulnerabilities.  The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.  The company stated that tracked as CVE-2022-43571 and CVE-2022-43567, the RCE vulnerabilities can be exploited by authenticated attackers to execute code via the dashboard PDF generation component or via crafted requests sent to the mobile alerts feature of the Splunk Secure Gateway app.  The company noted that the XXE injection vulnerability, CVE-2022-43570, can be exploited to cause Splunk Web to embed incorrect documents into an error.  The company noted that Splunk Enterprise versions with Splunk Web enabled are vulnerable to a reflected XSS (CVE-2022-43568).  Disabling Splunk Web mitigates this vulnerability.  With a CVSS score of 8.1, the next two high-severity vulnerabilities are described as risky command protection bypasses that can be exploited if the attacker phishes the victim by tricking them into initiating a request in the browser.  The first flaw is CVE-2022-43563, and the second issue is CVE-2022-43565.  The company also resolved a persistent XSS in the object name of a Data Model (CVE-2022-43569), a risky command safeguards bypass in the Analytics Workspace (CVE-2022-43566), and an indexing blockage or denial-of-service (DoS) condition in Splunk-to-Splunk (S2S) and HTTP Event Collector (HEC) protocols (CVE-2022-43572).  Additionally, Splunk resolved two medium-severity issues.  The company noted that all vulnerabilities have been resolved with the release of Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2.

SecurityWeek reports: "Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product"