SB2022081634 - Multiple vulnerabilities in Splunk Enterprise

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-37438)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to the way Splunk handles users' information within the application. A remote user can create a dashboard and gain access to sensitive information, such as usernames, emails and real names of application's users.

2) Improper Certificate Validation (CVE-ID: CVE-2022-37437)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error, related to usage of the Ingest Actions component via the user interface. When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. As a result, remote attacker can perform Man-in-the-Middle (MitM) attack.

Remediation

Install update from vendor's website.

References

• https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html
• https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html