PT-2022-23996 · Amazon+1 · Amazon S3+1
Ali Mirheidari
+1
·
Published
2022-08-16
·
Updated
2022-08-18
·
CVE-2022-37437
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise version 9.0.0
Description
The issue arises when using Ingest Actions to configure a destination on Amazon Simple Storage Service (S3) in Splunk Web, where TLS certificate validation is not correctly performed. This affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web, specifically in environments with configured TLS certificate validation. It does not impact destinations configured directly in the outputs.conf configuration file.
Recommendations
For Splunk Enterprise version 9.0.0, consider disabling the use of Ingest Actions for configuring S3 destinations in Splunk Web until a fix is available, and instead, configure destinations directly in the outputs.conf configuration file to bypass the vulnerability.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon S3
Splunk Enterprise