{"cve":{"cve_id":"CVE-2022-43567","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01194,"epss_percentile":0.64028,"epss_as_of":"2026-06-23","description":"In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\n","published_at":"2022-11-04T22:21:50.819000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-502"],"nvd_references":["https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html","https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:21:07.499748Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"8.1","version_start_inclusive":true,"version_end":"8.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:8.1:8.1.12"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"8.2","version_start_inclusive":true,"version_end":"8.2.9","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:8.2:8.2.9"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"9.0","version_start_inclusive":true,"version_end":"9.0.2","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:9.0:9.0.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html","source_type":"MISC","tags":[]},{"url":"https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2022-11-04T22:21:50.819000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:24:10.832026Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:24:10.832026Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:24:10.832026Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:21:07.499748Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:21:07.499748Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:21:07.499748Z","label":"SSVC decision revised","source":"vulnrichment"}]}