On November 2, Splunk announced the availability of a new batch of quarterly patches for Splunk Enterprise that fix nine high-severity vulnerabilities. With a CVSS score of 8.8, the most serious security flaws are remote code execution, XML external entity injection, and mirrored cross-site scripting issues.
The dashboard PDF generation component of the Splunk Secure Gateway app or specially crafted requests made to the mobile alerts feature can be used by authorised attackers to execute code and are tracked as CVE-2022-43571 and CVE-2022-43567. Read More…