CVE-2022-37437 - OpenCVE

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk

Configuration 1 [-]

cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*

No data.

References

Link	Providers
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2022-08-16T19:50:29.832023Z

Updated: 2024-09-16T20:03:48.193Z

Reserved: 2022-08-05T00:00:00

Link: CVE-2022-37437

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-16T21:15:13.523

Modified: 2022-08-18T19:01:11.127

Link: CVE-2022-37437

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"status": "affected", "version": "9.0.0"}]}], "credits": [{"lang": "en", "value": "Eric LaMothe at Splunk"}, {"lang": "en", "value": "Ali Mirheidari at Splunk"}], "datePublic": "2022-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T19:50:29", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"}], "source": {"advisory": "SVD-2022-0801", "defect": ["SPL-224209"], "discovery": "INTERNAL"}, "title": "Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-08-16T16:00:00.000Z", "ID": "CVE-2022-37437", "STATE": "PUBLIC", "TITLE": "Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "=", "version_name": "9.0", "version_value": "9.0.0"}]}}]}, "vendor_name": "Splunk"}]}}, "credit": [{"lang": "eng", "value": "Eric LaMothe at Splunk"}, {"lang": "eng", "value": "Ali Mirheidari at Splunk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "references": {"reference_data": [{"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"}]}, "source": {"advisory": "SVD-2022-0801", "defect": ["SPL-224209"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-37437", "datePublished": "2022-08-16T19:50:29.832023Z", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-09-16T20:03:48.193Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9A6A63F1-B7A3-4D3D-8366-29C38A5B48BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions."}, {"lang": "es", "value": "Cuando son usadas Acciones de Ingesta para configurar un destino que reside en Amazon Simple Storage Service (S3) en Splunk Web, la comprobaci\u00f3n del certificado TLS no es lleva a cabo correctamente ni es comprobada para el destino. La vulnerabilidad s\u00f3lo afecta a las conexiones entre Splunk Enterprise y un destino de Ingest Actions por medio de Splunk Web y s\u00f3lo es aplicado a entornos que han configurado la comprobaci\u00f3n de certificados TLS. No es aplicado a destinos configurados directamente en el archivo de configuraci\u00f3n outputs.conf. La vulnerabilidad afecta a Splunk Enterprise versi\u00f3n 9.0.0 y no afecta a versiones anteriores a 9.0.0, incluyendo las versiones 8.1.x y 8.2.x."}], "id": "CVE-2022-37437", "lastModified": "2022-08-18T19:01:11.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2022-08-16T21:15:13.523", "references": [{"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}