CVE-2022-37437 — HIGH (7.4)

Vulnerability Description

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Splunk	Splunk	9.0.0

Related Weaknesses (CWE)

CWE-295

References

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.htmlMitigationVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.htmlMitigationVendor Advisory

FAQ

What is CVE-2022-37437?

CVE-2022-37437 is a vulnerability with a CVSS score of 7.4 (HIGH). When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destinat...

How severe is CVE-2022-37437?

CVE-2022-37437 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37437?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk.