exploitDog

CVE-2024-22164

Опубликовано: 09 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

Ссылки

https://advisory.splunk.com/advisories/SVD-2024-0101
Vendor Advisory
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/
Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2024-0101
Vendor Advisory
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*

Версия от 7.1.0 (включая) до 7.1.2 (исключая)

EPSS

Процентиль: 36%

0.00151

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-400

CWE-770

CWE-400

Связанные уязвимости

GHSA-5q6v-3768-8xq7

CVSS3: 4.3

github

около 2 лет назад

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

EPSS

Процентиль: 36%

0.00151

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-400

CWE-770

CWE-400