Severity: Critical
CVSS Score: 5.9
The version of Splunk installed on the remote host is prior to 9.0. It is, therefore, affected by multiple vulnerabilities. - The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. (CVE-2022-32151) - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. (CVE-2022-32152, CVE-2022-32153) - Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. Note that the attack is browser-based and an attacker cannot exploit it at will. (CVE-2022-32154) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.