CRITICAL✓ PATCH🇬🇧 English

CVE-2022-32158

CVSS 9.0v3.1pub. 2022-06-15upd. 2024-11-21

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Splunk

    APP
    Splunk
    < 9.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-20253CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Splunk Enterprise — tworzenie/skracanie plików bez uwierzytelnienia przez sidecar PostgreSQL

CVE-2017-17067CRITICAL9.8ten sam produkt

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6...

CVE-2016-10126CRITICAL9.8ten sam produkt

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6....

CVE-2014-0160HIGH7.5⚠ KEVten sam produkt

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Exten...

CVE-2026-20251HIGH8.8ten sam produkt

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 1...

CVE-2022-32158 — CRITICAL 9.0 | CVEbaza.pl