
Submitted URL: https://s1528.t.en25.com/e/er?s=1528&lid=63023&elqTrackId=5c9966778fb34723a64a72f1acf6e85b&elq=e2516d919c5749b2b7aeaed2c9...
Effective URL: https://advisory.splunk.com/?utm_medium=email&utm_source=eloqua&utm_campaign=GLBLFY24Q2_GLBL_CSM_EMAL_CPA_EN_SecVulnerabilit...
Submission: On June 05 via manual from AU — Scanned from CA

CRITICAL SECURITY ALERTS, QUARTERLY SECURITY PATCHES, AND THIRD PARTY BULLETINS

Subscribe to our RSS feed for Splunk Product Security announcements


This page lists announcements of security fixes made in Critical Security
Alerts, Quarterly Security Patch Updates, and Third Party Bulletins. For all
Advisories, Announcements, and Bulletins, see the Security Advisories list.


CRITICAL SECURITY ALERTS

Splunk will publish out-of-band advisories for vulnerabilities that are
time-sensitive as soon as possible.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2022-0608 | 2022-08-16 | Splunk Enterprise deployment servers allow client publishing of forwarder bundles | Critical | CVE-2022-32158 |
| SVD-2022-0607 | 2022-08-16 | Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads | High | CVE-2022-32157 |
| SVD-2022-0606 | 2022-06-14 | Splunk Enterprise and Universal Forwarder CLI connections lacked TLS certificate validation | High | CVE-2022-32156 |
| SVD-2022-0605 | 2022-06-14 | Universal Forwarder management services allow remote login by default | Info | CVE-2022-32155 |
| SVD-2022-0604 | 2022-06-14 | Risky commands warnings in Splunk Enterprise dashboards | Medium | CVE-2022-32154 |
| SVD-2022-0603 | 2022-06-14 | Splunk Enterprise lacked TLS host name certificate validation | High | CVE-2022-32153 |
| SVD-2022-0602 | 2022-06-14 | Splunk Enterprise lacked TLS certificate validation for Splunk-to-Splunk communication by default | High | CVE-2022-32152 |
| SVD-2022-0601 | 2022-06-14 | Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default | High | CVE-2022-32151 |
| SVD-2022-0301 | 2022-03-24 | Indexer denial-of-service via malformed S2S request | High | CVE-2021-3422 |


QUARTERLY SECURITY PATCH UPDATES

Security Updates are collections of security fixes for supported versions of
Splunk products. We plan to create Security Patch Updates and make them
available through scheduled cloud releases or on-premises maintenance releases
for supported versions of Splunk products at the time of the quarterly advisory
disclosure. When patches cannot be backported due to technical feasibility or
otherwise, we will publish mitigation and additional compensating control
guidance.

Security Patch Updates are published quarterly in February, June, August and
November. Customers are encouraged to sign up for our RSS feed to receive a
notification when advisories have been published.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2023-0612 | 2023-06-01 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results | Medium | CVE-2023-32717 |
| SVD-2023-0611 | 2023-06-01 | Denial of Service via the 'dump' SPL command | Medium | CVE-2023-32716 |
| SVD-2023-0610 | 2023-06-01 | Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing | Medium | CVE-2023-32715 |
| SVD-2023-0609 | 2023-06-01 | Information Disclosure via the ‘copyresults’ SPL Command | Medium | CVE-2023-32710 |
| SVD-2023-0608 | 2023-06-01 | Path Traversal in Splunk App for Lookup File Editing | High | CVE-2023-32714 |
| SVD-2023-0607 | 2023-06-01 | Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream | High | CVE-2023-32713 |
| SVD-2023-0606 | 2023-06-01 | Unauthenticated Log Injection on '/var/log/splunk/web_service.log' Log File | Low | CVE-2023-32712 |
| SVD-2023-0605 | 2023-06-01 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View | Medium | CVE-2023-32711 |
| SVD-2023-0604 | 2023-06-01 | Low-privileged User can View Hashed Default Splunk Password | Medium | CVE-2023-32709 |
| SVD-2023-0603 | 2023-06-01 | HTTP Response Splitting via the ‘rest’ SPL Command | High | CVE-2023-32708 |
| SVD-2023-0602 | 2023-06-01 | ‘edit_user’ Capability Privilege Escalation | High | CVE-2023-32707 |
| SVD-2023-0601 | 2023-06-01 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication | High | CVE-2023-32706 |
| SVD-2023-0213 | 2023-02-14 | Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK | Medium | CVE-2023-22943 |
| SVD-2023-0212 | 2023-02-14 | Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise | Medium | CVE-2023-22942 |
| SVD-2023-0211 | 2023-02-14 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | Medium | CVE-2023-22941 |
| SVD-2023-0210 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise | Medium | CVE-2023-22940 |
| SVD-2023-0209 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise | High | CVE-2023-22939 |
| SVD-2023-0208 | 2023-02-14 | Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise | Medium | CVE-2023-22938 |
| SVD-2023-0207 | 2023-02-14 | Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise | Medium | CVE-2023-22937 |
| SVD-2023-0206 | 2023-02-14 | Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise | Medium | CVE-2023-22936 |
| SVD-2023-0205 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise | High | CVE-2023-22935 |
| SVD-2023-0204 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise | High | CVE-2023-22934 |
| SVD-2023-0203 | 2023-02-14 | Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise | High | CVE-2023-22933 |
| SVD-2023-0202 | 2023-02-14 | Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise | High | CVE-2023-22932 |
| SVD-2023-0201 | 2023-02-14 | ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise | Medium | CVE-2023-22931 |
| SVD-2022-1112 | 2022-11-02 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise | High | CVE-2022-43572 |
| SVD-2022-1111 | 2022-11-02 | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise | High | CVE-2022-43571 |
| SVD-2022-1110 | 2022-11-02 | XML External Entity Injection through a custom View in Splunk Enterprise | High | CVE-2022-43570 |
| SVD-2022-1109 | 2022-11-02 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise | High | CVE-2022-43569 |
| SVD-2022-1108 | 2022-11-02 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | High | CVE-2022-43568 |
| SVD-2022-1107 | 2022-11-02 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | High | CVE-2022-43567 |
| SVD-2022-1106 | 2022-11-02 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise | High | CVE-2022-43566 |
| SVD-2022-1105 | 2022-11-02 | Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise | High | CVE-2022-43565 |
| SVD-2022-1104 | 2022-11-02 | Denial of Service in Splunk Enterprise through search macros | Medium | CVE-2022-43564 |
| SVD-2022-1103 | 2022-11-02 | Risky command safeguards bypass via 'rex' search command field names in Splunk Enterprise | High | CVE-2022-43563 |
| SVD-2022-1102 | 2022-11-02 | Host Header Injection in Splunk Enterprise | Low | CVE-2022-43562 |
| SVD-2022-1101 | 2022-11-02 | Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise | Medium | CVE-2022-43561 |
| SVD-2022-0803 | 2022-08-16 | Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input | Medium | CVE-2022-37439 |
| SVD-2022-0802 | 2022-08-16 | Information disclosure via the dashboard drilldown in Splunk Enterprise | Low | CVE-2022-37438 |
| SVD-2022-0801 | 2022-08-16 | Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation | High | CVE-2022-37437 |
| SVD-2022-0507 | 2022-05-03 | Error message discloses internal path | Medium | CVE-2022-26070 |
| SVD-2022-0506 | 2022-05-03 | Path Traversal in search parameter results in external content injection | High | CVE-2022-26889 |
| SVD-2022-0505 | 2022-05-03 | Reflected XSS in a query parameter of the Monitoring Console | High | CVE-2022-27183 |
| SVD-2022-0504 | 2022-05-03 | Bypass of Splunk Enterprise's implementation of DUO MFA | High | CVE-2021-26253 |
| SVD-2022-0503 | 2022-05-03 | S2S TcpToken authentication bypass | High | CVE-2021-31559 |
| SVD-2022-0502 | 2022-05-03 | Username enumeration through lockout message in REST API | Medium | CVE-2021-33845 |
| SVD-2022-0501 | 2022-05-03 | Local privilege escalation via a default path in Splunk Enterprise Windows | High | CVE-2021-42743 |


THIRD-PARTY BULLETINS

Third-Party Bulletins announce security patches for third-party software. Splunk
publishes Third Party Bulletins on the same day as Critical Security Alerts or
Quarterly Security Patch Updates.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2023-0615 | 2023-06-01 | June Third Party Package Updates in Splunk Cloud | High | Multiple |
| SVD-2023-0614 | 2023-06-01 | June Third Party Package Updates in Splunk Universal Forwarders | Critical | Multiple |
| SVD-2023-0613 | 2023-06-01 | June Third Party Package Updates in Splunk Enterprise | High | Multiple |
| SVD-2023-0215 | 2023-02-14 | February Third Party Package Updates in Splunk Enterprise | High | Multiple |
| SVD-2023-0214 | 2023-02-14 | Splunk Response to the Apache Software Foundation Publishing a Vulnerability on Apache Commons Text (CVE-2022-42889) (Text4Shell) | Informational | CVE-2022-42889 |
| SVD-2022-1113 | 2022-11-02 | November Third Party Package updates in Splunk Enterprise | High | CVE-2020-36518, CVE-2021-32036 |
| SVD-2022-1114 | 2022-11-01 | Splunk’s response to OpenSSL’s CVE-2022-3602 and CVE-2022-3786 | High | CVE-2022-3602, CVE-2022-3786 |
| SVD-2022-0804 | 2022-08-16 | August Third Party Package updates in Splunk Enterprise and Universal Forwarders | Medium | Multiple |
| SVD-2021-1201 | 2021-12-10 | Splunk Security Advisory for Apache Log4j (CVE-2021-44228, CVE-2021-45046 and others) | Critical | CVE-2021-44228, CVE-2021-45046 |


POLICY ON INFORMATION PROVIDED IN CRITICAL SECURITY ALERT AND SECURITY PATCH
UPDATES

Splunk continuously monitors for vulnerabilities discovered through scans,
offensive exercises, employees or externally reported by vendors or researchers.
Splunk follows industry best practices to discover and remediate
vulnerabilities. To report a security vulnerability, please submit to the
Security Vulnerability Submission Portal.

Splunk will not provide additional information about the specifics of
vulnerabilities beyond what is provided in the Critical Security Alert or the
Security Patch Update. Splunk does not distribute active exploit code (i.e.
proof of concept code) for vulnerabilities in our products.


APPLICABILITY OF CRITICAL SECURITY ALERTS AND QUARTERLY SECURITY
UPDATES

The Splunk teams regularly evaluate Critical Security Alerts, Quarterly Security
Patch Updates and Third Party bulletins as they become available and apply the
relevant patches in accordance with applicable change management processes.

Customers requiring additional information that is not addressed in the Critical
Patch Update Advisory may obtain information by going to the Support Portal and
submitting a New Case.


© 2005 - 2023 Splunk Inc. All rights reserved.