Multiple vulnerabilities in Splunk Enterprise
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-37438 CVE-2022-37437 |
| CWE-ID | CWE-200 CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Splunk Enterprise Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Splunk Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU66546
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-37438
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to the way Splunk handles users' information within the application. A remote user can create a dashboard and gain access to sensitive information, such as usernames, emails and real names of application's users.
Install updates from vendor's website.
Vulnerable software versionsSplunk Enterprise: 8.1.0 - 9.0.0
External linkshttp://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Certificate Validation
EUVDB-ID: #VU66545
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-37437
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error, related to usage of the Ingest Actions component via the user interface. When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. As a result, remote attacker can perform Man-in-the-Middle (MitM) attack.
Install updates from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0
External linkshttp://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
