CVE-2022-37437

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*

History

18 Aug 2022, 19:01

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:splunk:9.0.0::::enterprise:::
CWE		CWE-295
First Time		Splunk Splunk splunk
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html -~~	(CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html - Mitigation, Vendor Advisory

16 Aug 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-16 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-37437

Mitre link : CVE-2022-37437

CVE.ORG link : CVE-2022-37437

JSON object : View

Products Affected

splunk

splunk

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-37437", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2022-08-16T21:15:13.523", "references": [{"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."}, {"lang": "es", "value": "Cuando son usadas Acciones de Ingesta para configurar un destino que reside en Amazon Simple Storage Service (S3) en Splunk Web, la comprobaci\u00f3n del certificado TLS no es lleva a cabo correctamente ni es comprobada para el destino. La vulnerabilidad s\u00f3lo afecta a las conexiones entre Splunk Enterprise y un destino de Ingest Actions por medio de Splunk Web y s\u00f3lo es aplicado a entornos que han configurado la comprobaci\u00f3n de certificados TLS. No es aplicado a destinos configurados directamente en el archivo de configuraci\u00f3n outputs.conf. La vulnerabilidad afecta a Splunk Enterprise versi\u00f3n 9.0.0 y no afecta a versiones anteriores a 9.0.0, incluyendo las versiones 8.1.x y 8.2.x."}], "lastModified": "2022-08-18T19:01:11.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6A63F1-B7A3-4D3D-8366-29C38A5B48BD"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}