QID 378041

Date Published: 2023-04-05

QID 378041: Splunk Enterprise S2S TCP Token Vulnerability (SVD-2022-0503)

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

Affected Versions:
Splunk Enterprise 8.1.4 and earlier
Splunk Enterprise 8.2.0

QID Detection Logic(Authenticated)
It checks for vulnerable version of Splunk Enterprise

The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

CVSS V3 rated as High - 7.5 severity.

CVSS V2 rated as Medium - 5 severity.

Solution

Vendor has released updated versions to fix these vulnerabilities. Please refer SVD-2022-0503

Vendor References

SVD-2022-0503 - advisory.splunk.com/advisories/SVD-2022-0503

CVEs related to QID 378041

CVE-2021-31559 |

Software Advisories

Advisory ID	Software	Component	Link
SVD-2022-0503			advisory.splunk.com/advisories/SVD-2022-0503

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].