CVE-2022-43565
published 2022-11-04CVE-2022-43565: In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL…
PriorityP348high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.60%
44.0th percentile
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | >= 8.1.0 < 8.1.12 | 8.1.12 |
| splunk | splunk | >= 8.2.0 < 8.2.9 | 8.2.9 |
| splunk | splunk_cloud_platform | < 9.0.2203 | 9.0.2203 |
| splunk | splunk_enterprise | >= 8.1 < 8.1.12 | 8.1.12 |
| splunk | splunk_enterprise | >= 8.2 < 8.2.9 | 8.2.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-04
Published