Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-43563— Risky command safeguards bypass via rex search command field names in Splunk Enterprise

CVSS 8.1 · High EPSS 0.20% · P42
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-43563

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Risky command safeguards bypass via rex search command field names in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。 Splunk Enterprise存在安全漏洞,该漏洞源于由于对HTTP请求来源的验证不充分。远程攻击者可以诱使受害者访问特制网页,并代表受害者在易受攻击的网站上执行任意操作,并使用搜索命令绕过SPL保护措施以获取风险命令,执行跨站请求伪造攻击。以下产品和版本受到影响:Splunk Enterprise 8.2.0至8.2.8版本、8.1.0
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SplunkSplunk Enterprise 8.1 ~ 8.1.12 -

II. Public POCs for CVE-2022-43563

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-43563

Please Login to view more intelligence information

Same Patch Batch · Splunk · 2022-11-04 · 10 CVEs total

CVE-2022-435708.8 HIGHXML External Entity Injection through a custom View in Splunk Enterprise
CVE-2022-435688.8 HIGHReflected Cross-Site Scripting via the radio template in Splunk Enterprise
CVE-2022-435678.8 HIGHRemote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
CVE-2022-435658.1 HIGHRisky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
CVE-2022-435698.0 HIGHPersistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
CVE-2022-435727.5 HIGHIndexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterpris
CVE-2022-435667.3 HIGHRisky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enter
CVE-2022-435644.9 MEDIUMDenial of Service in Splunk Enterprise through search macros
CVE-2022-435623.0 LOWHost Header Injection in Splunk Enterprise

IV. Related Vulnerabilities

Same product: Splunk Enterprise
Same vendor: Splunk
Same weakness: CWE-20

V. Comments for CVE-2022-43563

No comments yet

Leave a comment