#VU68949 XML External Entity injection in Splunk Enterprise - CVE-2022-43570
Published: November 2, 2022
Splunk Enterprise
Splunk Inc.
Description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied XML input passed via a custom View. A remote user can pass specially crafted XML to the affected application and view the contents of arbitrary files on the system or initiate requests to external systems.