Lucene search
HistoryNov 04, 2022 - 11:15 p.m.
CVE-2022-43569
splunk
enterprise
cve-2022-43569
xss
data model
security vulnerability
nvd
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.8%
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
Affected configurations
Node
splunksplunkRange8.1.0–8.1.12enterprise
ORsplunksplunkRange8.2.0–8.2.9enterprise
ORsplunksplunkRange9.0.0–9.0.2enterprise
ORsplunksplunk_cloud_platformRange<9.0.2209
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.1.12",
"status": "affected",
"version": "8.1",
"versionType": "custom"
},
{
"lessThan": "8.2.9",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2022-43569
2022-11-04 23:15:10
cvelist
cvelist
nessus
nessus
Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9, 9.0.0 < 9.0.2 (SVD-2022-1109)
2022-11-03 00:00:00
prion
prion
Cross site scripting
2022-11-04 23:15:00
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.8%
Related for CVE-2022-43569