Question 1

What is CVE-2022-43570?

Accepted Answer

CVE-2022-43570 is a high-severity software vulnerability (XML external entity (XXE)) with a CVSS score of 8.8. In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect do

Question 2

Is CVE-2022-43570 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

Question 3

What products does CVE-2022-43570 affect?

Accepted Answer

Tracked products affected include Splunk Enterprise. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2022-43570?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2022-43570

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information