Main Vulnerability Database Vulnerabilities #VU66545

#VU66545 Improper Certificate Validation in Splunk Enterprise - CVE-2022-37437

Published: August 16, 2022

Vulnerability identifier: #VU66545

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-37437

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Splunk Enterprise

Software vendor:
Splunk Inc.

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error, related to usage of the Ingest Actions component via the user interface. When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. As a result, remote attacker can perform Man-in-the-Middle (MitM) attack.

Remediation

Install updates from vendor's website.

External links

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html

#VU66545 Improper Certificate Validation in Splunk Enterprise - CVE-2022-37437

Description

Remediation

External links

Please verify you're human