CVE-2022-32156Improper Certificate Validation in Enterprise

CWE-295Improper Certificate Validation3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 59.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk EnterpriseSplunk Universal ForwarderSplunk
Timeline
PublishedJun 15
Latest updateJun 16

Description

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affec

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5splunk/universal_forwarder< 9.0.0
CVEListV5splunk/splunk_enterprise< 9.0.0
NVDsplunk/splunk< 9.0

🔴Vulnerability Details

2
GHSA
GHSA-775p-gpqh-xf63: In Splunk Enterprise and Universal Forwarder versions before 92022-06-16
CVEList
Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation2022-06-14
CVE-2022-32156 — Improper Certificate Validation | cvebase