Vulnerabilities > Splunk > Splunk Cloud Platform > 8.2.2203
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-04 | CVE-2022-43569 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | 5.4 |
2022-11-04 | CVE-2022-43570 | XXE vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. | 6.5 |
2022-11-04 | CVE-2022-43572 | Code Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | 6.5 |
2022-11-03 | CVE-2022-43561 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). | 4.8 |
2022-11-03 | CVE-2022-43571 | Code Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | 8.8 |
2022-08-16 | CVE-2022-37438 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. | 3.5 |