CVE-2023-22943

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-636
View all →

Vulnerability Description

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.

Related Vulnerabilities

CVE-2024-2660

MEDIUM
CVSS:6.4(Medium)

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Va...

CWE-6362024

CVE-2021-3614

MEDIUM
CVSS:6.8(Medium)

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo V...

CWE-6362021

CVE-2021-1578

HIGH
CVSS:8.8(High)

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ...

CWE-6362021

CVE-2023-4030

HIGH
CVSS:7.8(High)

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

CWE-6362023