CVE-2022-43567 HIGH

CVE-2022-43567: Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature

Vendor Splunk

Product Splunk Enterprise

Weakness CWE-502 · Unsafe deserialization

Published November 4, 2022

Last update May 5, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.

Key dates

02Disclosure timeline

November 4, 2022 CVE published

May 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43567 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2022-43567

CWE CWE-502

CVSS 8.8 / HIGH

Affected versions

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 8.1 and < 8.1.12

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 8.2 and < 8.2.9

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 9.0 and < 9.0.2

CVE-2022-43567: Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature

01Description

02Disclosure timeline

03References

04Related CVE