vulnerability
Splunk: CVE-2022-32153: Splunk Enterprise lacked TLS host name certificate validation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jun 14, 2022 | Apr 7, 2025 | Oct 8, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jun 14, 2022
Added
Apr 7, 2025
Modified
Oct 8, 2025
Description
Communications between Splunk nodes and trusted hosts lacked TLS certificate host name validation in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. The vulnerability requires compromising a valid certificate within the certificate authority (CA) chain for the specific customer environment or a trusted machine’s chain prior to performing a machine-in-the-middle attack. For Splunk Enterprise, update to Splunk Enterprise version 9.0 or higher andConfigure TLS host name validationto enable the remediation. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.