Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/11/2022 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the malicious user to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.

Vulnerable Product	Search on Vulmon	Subscribe to Product
splunk splunk
splunk splunk cloud platform

NVD-CWE-Other https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-43563

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect