Vulnerability Details CVE-2022-43571
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.264
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 8.8
References
- https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html
- https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html
Products affected by CVE-2022-43571
-
cpe:2.3:a:splunk:splunk:8.1.0
-
cpe:2.3:a:splunk:splunk:8.1.1
-
cpe:2.3:a:splunk:splunk:8.1.2
-
cpe:2.3:a:splunk:splunk:8.1.4
-
cpe:2.3:a:splunk:splunk:8.1.5
-
cpe:2.3:a:splunk:splunk:8.1.6
-
cpe:2.3:a:splunk:splunk:8.1.7
-
cpe:2.3:a:splunk:splunk:8.2.0
-
cpe:2.3:a:splunk:splunk:9.0.0
-
cpe:2.3:a:splunk:splunk_cloud_platform:-
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203