In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
References
Link | Resource |
---|---|
https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/ | Exploit Vendor Advisory |
https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Splunk
Published: 2022-11-04T22:21:50.819Z
Updated:
Reserved: 2022-10-20T18:37:09.182Z
Link: CVE-2022-43567
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-04T23:15:10.147
Modified: 2023-11-07T03:53:56.563
Link: CVE-2022-43567
JSON object: View
Redhat Information
No data.
CWE