{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk, Inc", "versions": [{"lessThan": "9.0", "status": "affected", "version": "9.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nadim Taha at Splunk"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T16:50:14", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}], "source": {"advisory": "SVD-2022-0607", "discovery": "INTERNAL"}, "title": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-06-14T11:55:00.000Z", "ID": "CVE-2022-32157", "STATE": "PUBLIC", "TITLE": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "<", "version_name": "9.0", "version_value": "9.0"}]}}]}, "vendor_name": "Splunk, Inc"}]}}, "credit": [{"lang": "eng", "value": "Nadim Taha at Splunk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"name": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}]}, "source": {"advisory": "SVD-2022-0607", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.013Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-32157", "datePublished": "2022-06-15T16:50:14.702126Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-17T02:57:39.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}, {"lang": "es", "value": "Los servidores de implementaci\u00f3n de Splunk Enterprise en versiones anteriores a 9.0, permiten una descarga no autenticada de paquetes de reenv\u00edo. La correcci\u00f3n requiere que actualice el servidor de implementaci\u00f3n a versi\u00f3n 9.0 y que configure la autenticaci\u00f3n para los servidores de implementaci\u00f3n y los clientes (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Una vez habilitada, los servidores de implantaci\u00f3n s\u00f3lo pueden administrar las versiones 9.0 y superiores de Universal Forwarder. Aunque la vulnerabilidad no afecta directamente a Universal Forwarders, la correcci\u00f3n requiere la actualizaci\u00f3n de todos los Universal Forwarders que el servidor de implementaci\u00f3n administra a versi\u00f3n 9.0 o superior antes de habilitar la reparaci\u00f3n"}], "id": "CVE-2022-32157", "lastModified": "2024-11-21T07:05:51.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-15T17:15:09.200", "references": [{"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"source": "prodsec@splunk.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}