CVE-2024-22165

EPSS 0.29%
Veröffentlicht 09.01.2024 17:15:12
Zuletzt bearbeitet 21.11.2024 08:55:43
Quelle prodsec@splunk.com
Teams Watchlist Login
Unerledigt Login

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Splunk ≫ Enterprise Security Version >= 7.1.0 < 7.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.519

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
prodsec@splunk.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://advisory.splunk.com/advisories/SVD-2024-0102

Vendor Advisory

https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-22165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22165

EUVD