CVE-2022-32154

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0

Description The issue allows an attacker to inject risky search commands into a form token when the token is used in a query in a cross-origin request, bypassing SPL safeguards for risky commands. This is a browser-based attack and cannot be exploited at will.

Recommendations For versions prior to 9.0, update to version 9.0 or later to resolve the issue. As a temporary workaround, consider limiting access to custom and potentially risky commands using the new capabilities provided in version 9.0.