{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk, Inc", "versions": [{"lessThan": "9.0", "status": "affected", "version": "9.0", "versionType": "custom"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk, Inc", "versions": [{"lessThan": "8.2.2203", "status": "affected", "version": "8.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chris Green at Splunk"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T16:46:07", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"}], "source": {"advisory": "SVD-2022-0601", "discovery": "INTERNAL"}, "title": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-06-14T11:55:00.000Z", "ID": "CVE-2022-32151", "STATE": "PUBLIC", "TITLE": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "<", "version_name": "9.0", "version_value": "9.0"}]}}, {"product_name": "Splunk Cloud Platform", "version": {"version_data": [{"version_affected": "<", "version_name": "8.2", "version_value": "8.2.2203"}]}}]}, "vendor_name": "Splunk, Inc"}]}}, "credit": [{"lang": "eng", "value": "Chris Green at Splunk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295 Improper Certificate Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"}]}, "source": {"advisory": "SVD-2022-0601", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.016Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-32151", "datePublished": "2022-06-15T16:46:07.016591Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-16T17:59:24.447Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", "versionEndExcluding": "8.2.2203", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."}, {"lang": "es", "value": "Las bibliotecas de Python httplib y urllib que Splunk envi\u00f3 con Splunk Enterprise no comprueban los certificados usando los almacenes de certificados de la autoridad de certificaci\u00f3n (CA) de forma predeterminada en Splunk Enterprise versiones anteriores a 9.0 y Splunk Cloud Platform versiones anteriores a 8.2.2203. Las bibliotecas de cliente de Python 3 ahora verifican los certificados del servidor por defecto y usan los almacenes de certificados de CA apropiados para cada biblioteca. Las aplicaciones y complementos que incluyen sus propias bibliotecas HTTP no est\u00e1n afectadas. Para Splunk Enterprise, actualice a versi\u00f3n 9.0 de Splunk Enterprise y configure la comprobaci\u00f3n del nombre de host TLS para las comunicaciones de Splunk a Splunk (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) para habilitar la correcci\u00f3n"}], "id": "CVE-2022-32151", "lastModified": "2022-06-24T01:24:08.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2022-06-15T17:15:08.810", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"}, {"source": "prodsec@splunk.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}

{}