cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32712,https://securityvulnerability.io/vulnerability/CVE-2023-32712,Unauthenticated Log Injection in Splunk Enterprise,"In certain versions of Splunk Enterprise and Universal Forwarder, an attacker can exploit a vulnerability that allows for injection of ANSI escape codes into log files. If these logs are read by a vulnerable terminal application, it may lead to potential code execution. This exploitation requires user interaction to read the manipulated log file locally and may vary based on the permissions set in the terminal application. While more recent version configurations mitigate this risk, it’s crucial for users to assess their system settings and log handling practices to prevent possible unauthorized access.",Splunk,"Splunk Enterprise,Universal Forwarder",8.6,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2022-37439,https://securityvulnerability.io/vulnerability/CVE-2022-37439,Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input,"In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.",Splunk,"Splunk Enterprise,Universal Forwarders",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-16T00:00:00.000Z,0
CVE-2022-32155,https://securityvulnerability.io/vulnerability/CVE-2022-32155,Universal Forwarder management services allows remote login by default,"In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.",Splunk,Universal Forwarder,7.5,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-06-15T17:15:00.000Z,0
CVE-2022-32156,https://securityvulnerability.io/vulnerability/CVE-2022-32156,Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation,"In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High. ",Splunk,"Splunk Enterprise,Universal Forwarder",7.4,HIGH,0.002300000051036477,false,,false,false,false,,,false,false,,2022-06-15T17:15:00.000Z,0