Splunk announced the availability of out-of-band patches for Splunk Enterprise this week, including a fix for a serious vulnerability that could lead to arbitrary code execution.
Splunk Enterprise, which provides monitoring and search capabilities for large volumes of data, uses deployment servers to distribute configurations and content updates to multiple Enterprise instances, including forwarders, indexers, and search heads.
The newly resolved critical-severity vulnerability, identified as CVE-2022-32158 (CVSS 9.0), exists because Splunk Enterprise deployment servers prior to version 9.0 enabled clients to use the server to deploy forwarder bundles to other clients. With the release of Enterprise deployment server version 9.0, Splunk has rectified the issue, and users are encouraged to update their instances to this version or higher.
Read More: https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise