CVE-2022-32158 (CVSSv3.1 9.0): Vulnerable instances of the Splunk Enterprise deployment server allow clients to deploy forwarder bundles to other deployment clients through the deployment server. An attacker who compromises a Universal Forwarder endpoint could use this vulnerability to execute arbitrary code on any Universal Forwarder endpoint subscribed to that deployment server.

Please see Splunk's announcement for more information on this vulnerability: https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html

CVE-2022-32157 (CVSSv3.1 7.5): Vulnerable instances of the Splunk Enterprise deployment server allow forwarder bundles to be downloaded without authentication.

Please see Splunk's announcement for more information on this vulnerability: https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html

The Splunk Cloud Platform (SCP) is not affected by either of these vulnerabilities. At the time of writing, there is no evidence that these vulnerabilities are being actively exploited by threat actors in the wild.
