CVE-2022-43567

high

Description

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.

References

https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html

https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/

Details

Source: Mitre, NVD

Published: 2022-11-04

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H