CVE-2022-37437Improper Certificate Validation in Enterprise

CWE-295Improper Certificate Validation3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.4
EPSS
0.2%
top 59.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Splunk EnterpriseSplunk
Timeline
PublishedAug 16
Latest updateAug 17

Description

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration fil

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5splunk/splunk_enterprise9.0.0
NVDsplunk/splunk9.0.0

🔴Vulnerability Details

2
GHSA
GHSA-78pp-wpm2-456q: When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is n2022-08-17
CVEList
Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation2022-08-16
CVE-2022-37437 — Improper Certificate Validation | cvebase