reports that Splunk has addressed numerous security vulnerabilities in Splunk Enterprise in a set of out-of-band patches, one of which fixes a critical flaw that could be abused to execute arbitrary code.
The vulnerability, tracked as CVE-2022-32158, affects Splunk Enterprise deployment servers before version 9.0, which let a deployment client push forwarder bundles to other deployment clients through the server. An attacker who has already compromised a single Universal Forwarder endpoint could abuse this to execute arbitrary code on every other Universal Forwarder subscribed to the same deployment server. Splunk also fixed other high-severity flaws, including CVE-2022-32157, which allowed unauthenticated clients to download forwarder bundles from deployment servers earlier than version 9.0. "Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation," said Splunk, which emphasized that the flaws do not affect the Splunk Cloud Platform. Separately, several TLS certificate validation issues that could have enabled man-in-the-middle attacks have also been resolved.
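Splunk's guidance above makes the deployment-server fix conditional on every managed Universal Forwarder already running 9.0 or later. The following script is an added example, not Splunk's own tooling, of the pre-flight gate an administrator would run before enabling the remediation: it compares each forwarder's version against the 9.0 floor and fails closed on anything it cannot parse. The client inventory is constructed here for illustration and its (name, version) layout is an assumption; in practice you would feed it the deployment server's client list exported however your environment allows.

```python
"""Pre-remediation version gate for a Splunk deployment server (added example).

Splunk's advisory requires all Universal Forwarders managed by a deployment
server to be on 9.0 or later before the CVE-2022-32157 / CVE-2022-32158
remediation is enabled. This checks an inventory against that floor.
"""

MIN_VERSION = "9.0"

# Constructed sample inventory (hypothetical hosts and versions, not real data).
# Each entry is (client name, Splunk version string); the layout is an assumption
# about how an admin would export the deployment server's client list.
SAMPLE_CLIENTS = [
    ("uf-web-01", "9.0.0"),
    ("uf-web-02", "8.2.6"),
    ("uf-db-01", "9.0.0.1"),
    ("uf-legacy", "7.3.9"),
    ("uf-unknown", ""),        # version not reported: must not pass silently
]


def parse_version(v):
    """Turn '9.0.0.1' into (9, 0, 0, 1). Empty or non-numeric input raises ValueError."""
    v = v.strip()
    if not v:
        raise ValueError("empty version string")
    return tuple(int(p) for p in v.split("."))


def at_least(v, minimum=MIN_VERSION):
    """True if version v is >= minimum; shorter tuples are zero-padded so '9.0' == '9.0.0'."""
    a, b = parse_version(v), parse_version(minimum)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a >= b


def blocking_clients(clients):
    """Names of clients that must be upgraded before the fix is enabled.

    A client whose version is missing or unparseable is treated as blocking
    (fail closed): an unknown forwarder is exactly the one you do not want
    to cut off from bundle downloads by enabling the remediation blind.
    """
    blockers = []
    for name, version in clients:
        try:
            ok = at_least(version)
        except ValueError:
            ok = False
        if not ok:
            blockers.append(name)
    return blockers


def remediation_ready(clients):
    """True only when no managed client is below the 9.0 floor."""
    return not blocking_clients(clients)


if __name__ == "__main__":
    for name in blocking_clients(SAMPLE_CLIENTS):
        print(f"upgrade required before enabling remediation: {name}")
    print("ready to enable remediation:", remediation_ready(SAMPLE_CLIENTS))
```

Run against the constructed inventory it flags the two forwarders still on 8.x and 7.x plus the one with no reported version, and reports the deployment server as not ready; only once that list is empty does Splunk's sequencing allow the fix to be switched on.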