CVE-2022-32154

Name: CVE-2022-32154
Creator: NVD / NIST
Published: 2022-06-15T17:15:09.017+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 1.24%

Last modified Jun 17, 2026

CVE-2022-32154 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. EPSS estimates a 1.24% chance of exploitation in the next 30 days.

Description

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Probability

1.24%

65.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Splunk	Splunk	< 9.0
Splunk	Splunk Cloud Platform	< 8.2.2106

References

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commandsMitigation, Vendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/Mitigation, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/Mitigation, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/Mitigation, Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.htmlVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commandsMitigation, Vendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/Mitigation, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/Mitigation, Vendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/Mitigation, Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.htmlVendor Advisory

Timeline

Published: Jun 15, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-32154?

How severe is CVE-2022-32154?

CVE-2022-32154 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 1.24% probability of exploitation in the next 30 days.

How do I fix CVE-2022-32154?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-32154?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST