cve-2022-32157
Vulnerability from cvelistv5
Published
2022-06-15 16:50
Modified
2024-09-17 02:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.
References
prodsec@splunk.comhttps://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clientsMitigation, Vendor Advisory
prodsec@splunk.comhttps://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
prodsec@splunk.comhttps://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/Mitigation, Vendor Advisory
prodsec@splunk.comhttps://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clientsMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory
Impacted products
Vendor Product Version
Splunk, Inc Splunk Enterprise Version: 9.0   < 9.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk, Inc",
          "versions": [
            {
              "lessThan": "9.0",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nadim Taha at Splunk"
        }
      ],
      "datePublic": "2022-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T16:50:14",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"
        }
      ],
      "source": {
        "advisory": "SVD-2022-0607",
        "discovery": "INTERNAL"
      },
      "title": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
          "ID": "CVE-2022-32157",
          "STATE": "PUBLIC",
          "TITLE": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk, Inc"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Nadim Taha at Splunk"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
            },
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"
            },
            {
              "name": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
              "refsource": "CONFIRM",
              "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"
            }
          ]
        },
        "source": {
          "advisory": "SVD-2022-0607",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-32157",
    "datePublished": "2022-06-15T16:50:14.702126Z",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-09-17T02:57:39.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"9.0\", \"matchCriteriaId\": \"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.\"}, {\"lang\": \"es\", \"value\": \"Los servidores de implementaci\\u00f3n de Splunk Enterprise en versiones anteriores a 9.0, permiten una descarga no autenticada de paquetes de reenv\\u00edo. La correcci\\u00f3n requiere que actualice el servidor de implementaci\\u00f3n a versi\\u00f3n 9.0 y que configure la autenticaci\\u00f3n para los servidores de implementaci\\u00f3n y los clientes (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Una vez habilitada, los servidores de implantaci\\u00f3n s\\u00f3lo pueden administrar las versiones 9.0 y superiores de Universal Forwarder. Aunque la vulnerabilidad no afecta directamente a Universal Forwarders, la correcci\\u00f3n requiere la actualizaci\\u00f3n de todos los Universal Forwarders que el servidor de implementaci\\u00f3n administra a versi\\u00f3n 9.0 o superior antes de habilitar la reparaci\\u00f3n\"}]",
      "id": "CVE-2022-32157",
      "lastModified": "2024-11-21T07:05:51.513",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-15T17:15:09.200",
      "references": "[{\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32157\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-06-15T17:15:09.200\",\"lastModified\":\"2024-11-21T07:05:51.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.\"},{\"lang\":\"es\",\"value\":\"Los servidores de implementaci\u00f3n de Splunk Enterprise en versiones anteriores a 9.0, permiten una descarga no autenticada de paquetes de reenv\u00edo. La correcci\u00f3n requiere que actualice el servidor de implementaci\u00f3n a versi\u00f3n 9.0 y que configure la autenticaci\u00f3n para los servidores de implementaci\u00f3n y los clientes (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Una vez habilitada, los servidores de implantaci\u00f3n s\u00f3lo pueden administrar las versiones 9.0 y superiores de Universal Forwarder. Aunque la vulnerabilidad no afecta directamente a Universal Forwarders, la correcci\u00f3n requiere la actualizaci\u00f3n de todos los Universal Forwarders que el servidor de implementaci\u00f3n administra a versi\u00f3n 9.0 o superior antes de habilitar la reparaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"}]}]}],\"references\":[{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.