CVE-2022-32158 SPlunk

Any idea on when the CVE CVE-2022-32158 for Splunk will get added to the Rapid7 database?

Looks like the software cves for splunk have never been added Product Security | Splunk

Is rapid7 supposed to get these in the database anytime soon. Is anyone seeing splunk software CVEs?

I have the same question. And when I checked the Db, Rapid7 never added splunk related vulnerabilities even though they have add-on plugin with Splunk. Interesting…

1 Like

Yes, I was checking the DB too and didnt see any. I thought my admin for splunk was crazY when he told me hes never seen any related to Splunk. So now my question is, is there some software Insightvm DOESNT Scan? Or did Rapid7 just forget CVES or are they in progress in getting the feed in the R7 DB but it intergrates with it?

Rapid7 usually has some in-scope software that they scan and those they dont support. It looks like Splunk is not in that list. I am actually on call with our Customer Success Manager. Let me ask.

Awesome, I was getting ready to put in case my self. lmk. Thanks!

They have no idea. I am going to send them the details of the Splunk vulnerabilities that were released last week and ask them for a detection signature.

okay. I put in the case as well asking for more details on how they scan software and which ones they scan; also if Splunk would be in that group.

1 Like

Did you get an update on this ? @vanessa_villalpando

1 Like

Hi @SCO
Yes, i did. Looks like they mentioned that ivm scanning covereage if it was scanned would be coverage page.

https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.rapid7.com%2Finsightvm%2Frecurring-vulnerability-coverage%2F&data=05%7C01%7Cvillalpandov17%40ecu.edu%7C0e402e8cd5d54a5b89eb08da59139fff%7C17143cbb385c4c45a36ac65b72e3eae8%7C0%7C0%7C637920238066706838%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sROLKE4oWomeLp4%2BUf7z1JpbpVzvbA%2F%2BAtF3IWcwP7Y%3D&reserved=0

As Splunk is not on there, there is no guarantee that any particular Splunk-related vulnerability would be covered. We do sometimes still add checks for specific vulnerabilities, but that is done on a case by case basis depending on severity and customer demand. Accordingly, if you believe that this recent zero day should be covered by IVM, feel free to submit the CVE and I can file a request with our developers on your behalf.