Security Advisory

CVE-2022-43565

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-04 22:20:55

Last updated 2025-05-05 20:35:48

Assigner Splunk

State PUBLISHED

Description

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.

← Browse all CVEs View on cve.org ↗