CVE-2022-32151
HIGH
Splunk < 9.0 and Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Title source: llm
Description
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html
Vendor Advisory x_refsource_confirm
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates
Mitigation, Vendor Advisory x_refsource_confirm
https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/
Scores
CVSS v3
7.4
EPSS
0.0020
EPSS Percentile
42.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (2)
splunk/splunk
< 9.0
splunk/splunk_cloud_platform
< 8.2.2203
Published
Jun 15, 2022
Tracked Since
Feb 18, 2026