cvelistv5 - cve-2024-22165

CVE-2024-22165 (GCVE-0-2024-22165)

Vulnerability from cvelistv5 – Published: 2024-01-09 17:01 – Updated: 2025-02-28 11:03

Summary

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Assigner

Splunk

References

URL

Tags

	https://advisory.splunk.com/advisories/SVD-2024-0102
	https://research.splunk.com/application/7f6a07bd-…

Impacted products

	Vendor	Product	Version
	Splunk	Splunk Enterprise Security (ES)	Affected: 7.3 , < 7.3.0 (custom) Affected: 7.2 , < 7.2.0 (custom) Affected: 7.1 , < 7.1.2 (custom)

Credits

Eric LaMothe, Splunk

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22165",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-10T19:58:58.267037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:52:31.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise Security (ES)",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "7.3.0",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.0",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "lessThan": "7.1.2",
              "status": "affected",
              "version": "7.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Eric LaMothe, Splunk"
        }
      ],
      "datePublic": "2024-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
            }
          ],
          "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T11:03:43.686Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
        },
        {
          "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
        }
      ],
      "source": {
        "advisory": "SVD-2024-0102"
      },
      "title": "Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2024-22165",
    "datePublished": "2024-01-09T17:01:04.884Z",
    "dateReserved": "2024-01-05T16:53:01.504Z",
    "dateUpdated": "2025-02-28T11:03:43.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.1.0\", \"versionEndExcluding\": \"7.1.2\", \"matchCriteriaId\": \"2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.\"}, {\"lang\": \"es\", \"value\": \"En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\\u00f3n con formato incorrecto para realizar una denegaci\\u00f3n de servicio (DoS). La investigaci\\u00f3n con formato incorrecto impide la generaci\\u00f3n y representaci\\u00f3n del administrador de Investigaciones hasta que se elimine.\u003cbr\u003eLa vulnerabilidad requiere una sesi\\u00f3n autenticada y acceso para crear una investigaci\\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\\u00eda de los usuarios.\"}]",
      "id": "CVE-2024-22165",
      "lastModified": "2024-11-21T08:55:43.170",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2024-01-09T17:15:12.523",
      "references": "[{\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0102\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-22165\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2024-01-09T17:15:12.523\",\"lastModified\":\"2024-11-21T08:55:43.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.\"},{\"lang\":\"es\",\"value\":\"En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\u00f3n con formato incorrecto para realizar una denegaci\u00f3n de servicio (DoS). La investigaci\u00f3n con formato incorrecto impide la generaci\u00f3n y representaci\u00f3n del administrador de Investigaciones hasta que se elimine.\u003cbr\u003eLa vulnerabilidad requiere una sesi\u00f3n autenticada y acceso para crear una investigaci\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\u00eda de los usuarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.2\",\"matchCriteriaId\":\"2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA\"}]}]}],\"references\":[{\"url\":\"https://advisory.splunk.com/advisories/SVD-2024-0102\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://advisory.splunk.com/advisories/SVD-2024-0102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0102\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:35:34.910Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22165\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-10T19:58:58.267037Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-20T19:17:39.823Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation\", \"source\": {\"advisory\": \"SVD-2024-0102\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Eric LaMothe, Splunk\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise Security (ES)\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.3\", \"lessThan\": \"7.3.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.2\", \"lessThan\": \"7.2.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.1\", \"lessThan\": \"7.1.2\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2024-01-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0102\"}, {\"url\": \"https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-20\", \"description\": \"The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.\"}]}], \"providerMetadata\": {\"orgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"shortName\": \"Splunk\", \"dateUpdated\": \"2025-02-28T11:03:43.686Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-22165\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-28T11:03:43.686Z\", \"dateReserved\": \"2024-01-05T16:53:01.504Z\", \"assignerOrgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"datePublished\": \"2024-01-09T17:01:04.884Z\", \"assignerShortName\": \"Splunk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-22165

Vulnerability from fkie_nvd - Published: 2024-01-09 17:15 - Updated: 2024-11-21 08:55

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
prodsec@splunk.com	https://advisory.splunk.com/advisories/SVD-2024-0102	Vendor Advisory
prodsec@splunk.com	https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://advisory.splunk.com/advisories/SVD-2024-0102	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	splunk	enterprise_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA",
              "versionEndExcluding": "7.1.2",
              "versionStartIncluding": "7.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
    },
    {
      "lang": "es",
      "value": "En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\u00f3n con formato incorrecto para realizar una denegaci\u00f3n de servicio (DoS). La investigaci\u00f3n con formato incorrecto impide la generaci\u00f3n y representaci\u00f3n del administrador de Investigaciones hasta que se elimine.\u003cbr\u003eLa vulnerabilidad requiere una sesi\u00f3n autenticada y acceso para crear una investigaci\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\u00eda de los usuarios."
    }
  ],
  "id": "CVE-2024-22165",
  "lastModified": "2024-11-21T08:55:43.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-09T17:15:12.523",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-AVI-0015

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	N/A	Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise Security (ES) versions antérieures à 7.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-0103 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0104 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0102 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0101 du 09 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk User Behavior Analytics (UBA) versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Security (ES) versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2021-23446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23446"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2023-32695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32695"
    },
    {
      "name": "CVE-2023-45133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
    },
    {
      "name": "CVE-2024-22164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22164"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2024-22165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22165"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0103 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0104 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0102 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0101 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
    }
  ]
}

CERTFR-2024-AVI-0015

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	N/A	Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise Security (ES) versions antérieures à 7.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-0103 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0104 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0102 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0101 du 09 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk User Behavior Analytics (UBA) versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Security (ES) versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2021-23446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23446"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2023-32695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32695"
    },
    {
      "name": "CVE-2023-45133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
    },
    {
      "name": "CVE-2024-22164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22164"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2024-22165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22165"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0103 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0104 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0102 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0101 du 09 janvier 2024",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
    }
  ]
}

WID-SEC-W-2024-0049

Vulnerability from csaf_certbund - Published: 2024-01-09 23:00 - Updated: 2024-07-01 22:00

Summary

Splunk Enterprise: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0049 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0049 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0101 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0101"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0102 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0102"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0103 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0103"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0104 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0104"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0112 vom 2024-01-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0112"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:28.208+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0049",
      "initial_release_date": "2024-01-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Security \u003c7.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.3.0",
                  "product_id": "T031923"
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.2.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.2.0",
                  "product_id": "T031924"
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.1.2",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.1.2",
                  "product_id": "T031925"
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.3.0",
                  "product_id": "T031926"
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.2.1",
                  "product_id": "T031927"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5237",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2015-5237"
    },
    {
      "cve": "CVE-2021-23446",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2021-23446"
    },
    {
      "cve": "CVE-2022-25883",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-3509",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-32695",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-32695"
    },
    {
      "cve": "CVE-2023-45133",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-45133"
    },
    {
      "cve": "CVE-2024-22164",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22164"
    },
    {
      "cve": "CVE-2024-22165",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22165"
    }
  ]
}

GSD-2024-22165

Vulnerability from gsd - Updated: 2024-01-06 06:02

Details

Aliases

CVE-2024-22165

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-22165"
      ],
      "details": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.",
      "id": "GSD-2024-22165",
      "modified": "2024-01-06T06:02:13.733386Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "ID": "CVE-2024-22165",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise Security (ES)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.3",
                          "version_value": "7.3.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.2",
                          "version_value": "7.2.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.1",
                          "version_value": "7.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Eric LaMothe, Splunk"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://advisory.splunk.com/advisories/SVD-2024-0102",
            "refsource": "MISC",
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
          },
          {
            "name": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/",
            "refsource": "MISC",
            "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2024-0102"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA",
                    "versionEndExcluding": "7.1.2",
                    "versionStartIncluding": "7.1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users."
          },
          {
            "lang": "es",
            "value": "En versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede crear una investigaci\u00f3n con formato incorrecto para realizar una denegaci\u00f3n de servicio (DoS). La investigaci\u00f3n con formato incorrecto impide la generaci\u00f3n y representaci\u00f3n del administrador de Investigaciones hasta que se elimine.\u003cbr\u003eLa vulnerabilidad requiere una sesi\u00f3n autenticada y acceso para crear una investigaci\u00f3n. Solo afecta la disponibilidad del administrador de Investigaciones, pero sin el administrador, la funcionalidad de Investigaciones queda inutilizable para la mayor\u00eda de los usuarios."
          }
        ],
        "id": "CVE-2024-22165",
        "lastModified": "2024-01-16T18:30:58.893",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "prodsec@splunk.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-09T17:15:12.523",
        "references": [
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
          },
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/"
          }
        ],
        "sourceIdentifier": "prodsec@splunk.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "prodsec@splunk.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

GHSA-W48W-95MF-VVC4

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30

Details

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.
The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-22165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.\u003cbr\u003eThe vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.",
  "id": "GHSA-w48w-95mf-vvc4",
  "modified": "2024-01-09T18:30:27Z",
  "published": "2024-01-09T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22165"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0102"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-22165 (GCVE-0-2024-22165)

FKIE_CVE-2024-22165

CERTFR-2024-AVI-0015

Solution

CERTFR-2024-AVI-0015

Solution

WID-SEC-W-2024-0049

GSD-2024-22165

GHSA-W48W-95MF-VVC4

Tags

Sightings

Nomenclature