PT-2022-21120 · Splunk · Splunk Cloud Platform +1
Author: Chris Green · Published 2022-06-15 · Updated 2022-06-24
CVE-2022-32151
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.0
Splunk Cloud Platform versions prior to 8.2.2203
Description
The issue concerns the httplib and urllib Python libraries bundled with Splunk, which by default did not validate server certificates against the certificate authority (CA) certificate stores, so a TLS client built on them would accept an unauthenticated peer. This has been addressed in newer versions, where the Python 3 client libraries now verify server certificates by default. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents in which this issue was exploited.
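The following is an added example, not code from the advisory or from Splunk. It shows, with the standard-library `ssl` and `http.client` modules, the difference between a client context that skips CA validation (the pre-fix behaviour the description refers to) and one that verifies the chain and host name, plus a small audit helper that refuses to open a connection with the weak context. The host name and the management port 8089 are assumptions for illustration only.

```python
import ssl
import http.client
from typing import Optional


def unverified_context() -> ssl.SSLContext:
    """Client context that mirrors the behaviour described in the advisory:
    no CA verification and no host name check. Built only so that
    audit_context() has something to flag; never use it for real traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the server chain against a CA store
    (the system store by default, or a pinned cafile) and checks the host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    # create_default_context already sets CERT_REQUIRED and check_hostname=True;
    # the assertion makes that intent explicit if the context is modified later.
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report whether a context would accept an unauthenticated server.
    Both checks are needed: a verified chain for the wrong host is still a
    man-in-the-middle position."""
    verifies_chain = ctx.verify_mode == ssl.CERT_REQUIRED
    checks_hostname = bool(ctx.check_hostname)
    return {
        "verifies_chain": verifies_chain,
        "checks_hostname": checks_hostname,
        "safe": verifies_chain and checks_hostname,
    }


def https_connection(host: str, port: int = 8089,
                     ctx: Optional[ssl.SSLContext] = None) -> http.client.HTTPSConnection:
    """Build an HTTPSConnection that always carries a verifying context.
    Port 8089 is assumed here as the conventional splunkd management port.
    The socket is not opened until a request is made, so constructing the
    object is safe offline."""
    if ctx is None:
        ctx = verified_context()
    if not audit_context(ctx)["safe"]:
        raise ValueError("refusing to connect with a context that skips certificate validation")
    return http.client.HTTPSConnection(host, port, context=ctx)


if __name__ == "__main__":
    print("unverified:", audit_context(unverified_context()))
    print("verified:  ", audit_context(verified_context()))
    conn = https_connection("splunk.example.invalid")   # assumed host name
    print("connection object built with verifying context:", conn.host, conn.port)
```

The same audit applies to `urllib.request`: pass `context=verified_context()` to `urlopen` (or install an `HTTPSHandler` built from it) and treat any code path that reaches `ssl.CERT_NONE` or `check_hostname = False` as a finding.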
Recommendations
For Splunk Enterprise versions prior to 9.0, update to Splunk Enterprise version 9.0.
For Splunk Enterprise, additionally enable TLS host name validation for Splunk-to-Splunk communications by following the documentation at https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation; the upgrade alone does not turn this setting on.
For Splunk Cloud Platform versions prior to 8.2.2203, update to version 8.2.2203 or later.
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise