3 matches found
CVE-2022-32154
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and...
CVE-2022-32154
Splunk Enterprise before 9.0 is affected by CVE-2022-32154 in its dashboards: an attacker could inject risky search commands into a form token used in a cross-origin query, bypassing SPL safeguards for risky commands. The issue is browser-based; exploitation depends on the attacker delivering a f...
CVE-2022-32154 Risky commands warnings in Splunk Enterprise Dashboards
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and...