CVE-2022-43562
CVE-2022-43562 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.1.0, < 8.1.12 |
| Splunk | Splunk | >= 8.2.0, < 8.2.9 |
| Splunk | Splunk | >= 9.0.0, < 9.0.2 |
| Splunk | Splunk Cloud Platform | < 9.0.2208 |
Source: NVD / NIST
