{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Splunk Cloud Platform versions ant\u00e9rieures \u00e0 9.0.2209.3","product":{"name":"Splunk Cloud Platform","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Add-on Builder versions ant\u00e9rieures \u00e0 4.1.2","product":{"name":"N/A","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.10","product":{"name":"Splunk Enterprise","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.4","product":{"name":"Splunk Enterprise","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk CloudConnect SDK versions ant\u00e9rieures \u00e0 3.1.3","product":{"name":"N/A","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.13","product":{"name":"Splunk Enterprise","vendor":{"name":"Splunk","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-31129","url":"https://www.cve.org/CVERecord?id=CVE-2022-31129"},{"name":"CVE-2023-22940","url":"https://www.cve.org/CVERecord?id=CVE-2023-22940"},{"name":"CVE-2023-22938","url":"https://www.cve.org/CVERecord?id=CVE-2023-22938"},{"name":"CVE-2021-3517","url":"https://www.cve.org/CVERecord?id=CVE-2021-3517"},{"name":"CVE-2023-22942","url":"https://www.cve.org/CVERecord?id=CVE-2023-22942"},{"name":"CVE-2021-3537","url":"https://www.cve.org/CVERecord?id=CVE-2021-3537"},{"name":"CVE-2021-28957","url":"https://www.cve.org/CVERecord?id=CVE-2021-28957"},{"name":"CVE-2023-22936","url":"https://www.cve.org/CVERecord?id=CVE-2023-22936"},{"name":"CVE-2023-22934","url":"https://www.cve.org/CVERecord?id=CVE-2023-22934"},{"name":"CVE-2023-22937","url":"https://www.cve.org/CVERecord?id=CVE-2023-22937"},{"name":"CVE-2022-32212","url":"https://www.cve.org/CVERecord?id=CVE-2022-32212"},{"name":"CVE-2022-24785","url":"https://www.cve.org/CVERecord?id=CVE-2022-24785"},{"name":"CVE-2023-22933","url":"https://www.cve.org/CVERecord?id=CVE-2023-22933"},{"name":"CVE-2023-22932","url":"https://www.cve.org/CVERecord?id=CVE-2023-22932"},{"name":"CVE-2023-22935","url":"https://www.cve.org/CVERecord?id=CVE-2023-22935"},{"name":"CVE-2021-21419","url":"https://www.cve.org/CVERecord?id=CVE-2021-21419"},{"name":"CVE-2023-22931","url":"https://www.cve.org/CVERecord?id=CVE-2023-22931"},{"name":"CVE-2023-22943","url":"https://www.cve.org/CVERecord?id=CVE-2023-22943"},{"name":"CVE-2023-22941","url":"https://www.cve.org/CVERecord?id=CVE-2023-22941"},{"name":"CVE-2023-22939","url":"https://www.cve.org/CVERecord?id=CVE-2023-22939"},{"name":"CVE-2015-20107","url":"https://www.cve.org/CVERecord?id=CVE-2015-20107"},{"name":"CVE-2021-3518","url":"https://www.cve.org/CVERecord?id=CVE-2021-3518"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Splunk\u00a0SVD-2023-0203 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0203"},{"title":"Bulletin de s\u00e9curit\u00e9 Splunk\u00a0SVD-2023-0210 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0210"},{"title":"Bulletin de s\u00e9curit\u00e9 Splunk\u00a0SVD-2023-0205 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0205"},{"title":"Bulletin de s\u00e9curit\u00e9 Splunk\u00a0SVD-2023-0202 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0202"},{"title":"Bulletin de s\u00e9curit\u00e9 Splunk\u00a0SVD-2023-0215 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0215"}],"reference":"CERTFR-2023-AVI-0142","revisions":[{"description":"Version initiale","revision_date":"2023-02-17T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span\nclass=\"textit\">Splunk</span>. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance\n(XSS).\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0209 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0209"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0201 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0201"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0202 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0213 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0213"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0207 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0207"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0212 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0212"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0206 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0206"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0210 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0211 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0211"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0204 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0204"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0205 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0215 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0208 du 14 f\u00e9vrier 2023","url":"https://advisory.splunk.com/advisories/SVD-2023-0208"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0203 du 14 f\u00e9vrier 2023","url":null}]}