CVE-2022-32154: Improper Input Validation in INC Splunk Cloud Platform

Severity
NVD: 8.1 HIGH
CNA: 6.8
EPSS: 0.3% (top 47.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 15
Latest update: Jun 16

Description

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. N

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (4 packages)

CVEListV5  splunk_inc/splunk_enterprise  9.0  9.0
CVEListV5  splunk_inc/splunk_cloud_platform  8.2  8.2.2106
NVD  splunk/splunk  < 9.0

Vulnerability Details (2)

GHSA: GHSA-p25g-64wc-h88x: Dashboards in Splunk Enterprise versions before 9 (2022-06-16)
CVEList: Risky commands warnings in Splunk Enterprise Dashboards (2022-06-15)