CVE-2022-43562 Information

Description

In Splunk Enterprise versions below 8.1.12 8.2.9 and 9.0.2 Splunk Enterprise fails to properly validate and escape the Host header which could let a remote authenticated user conduct various attacks against the system including cross-site scripting and cache poisoning.

Reference

https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html