CVE-2022-32156— Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation

CVSS 8.1 · High EPSS 0.18% · P40 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-32156

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

证书验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Splunk 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据，包括所有IT系统和基础结构（物理、虚拟机和云）生成的数据。 Splunk Enterprise 9.0之前版本存在信任管理问题漏洞，该漏洞源于Splunk Enterprise 和 Universal Forwarder 在命令行界面连接缺少 TLS 证书验证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Splunk	Splunk Enterprise	0 ~ 9.0.0	-
Splunk	Universal Forwarder	0 ~ 9.0.0	-

II. Public POCs for CVE-2022-32156

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-32156

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Splunk Enterprise

Same vendor: Splunk

Same weakness: CWE-295

V. Comments for CVE-2022-32156

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-32156— Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation

I. Basic Information for CVE-2022-32156

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-32156

III. Intelligence Information for CVE-2022-32156

IV. Related Vulnerabilities

V. Comments for CVE-2022-32156

Leave a comment