CVE-2022-43570

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

07 Nov 2023, 03:53

Type	Values Removed	Values Added
Summary	In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.	In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.

08 Nov 2022, 19:43

Type	Values Removed	Values Added
CWE		CWE-611
First Time		Splunk Splunk splunk Splunk splunk Cloud Platform
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(MISC) https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html -~~	(MISC) https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html - Vendor Advisory
CPE		cpe:2.3:a:splunk:splunk_cloud_platform:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*

04 Nov 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-04 23:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-43570

Mitre link : CVE-2022-43570

CVE.ORG link : CVE-2022-43570

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2022-43570", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-11-04T23:15:10.330", "references": [{"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.\n"}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede realizar una inyecci\u00f3n de entidad externa (XXE) en lenguaje de marcado extensible (XML) a trav\u00e9s de una Vista personalizada. La inyecci\u00f3n XXE hace que Splunk Web incruste documentos incorrectos en un error."}], "lastModified": "2023-11-07T03:53:56.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "697F9803-FC99-4149-A4E5-55A3A8CB1D18", "versionEndExcluding": "8.1.12", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "07617B0C-3704-4DB5-B416-94B77A5C2EEE", "versionEndExcluding": "8.2.9", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "867EFF29-96B9-44EF-93CE-8E7DB77B086E", "versionEndExcluding": "9.0.2", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC797D87-1EA7-4C9E-BA2E-910408592511", "versionEndExcluding": "9.0.2209"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}