CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.9%

CVSS Severity

CVSS v3 Score 4.3

References

https://advisory.splunk.com/advisories/SVD-2024-0101
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/
https://advisory.splunk.com/advisories/SVD-2024-0101
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/

Products affected by CVE-2024-22164

Splunk » Enterprise Security » Version: 7.1.0

cpe:2.3:a:splunk:enterprise_security:7.1.0
Splunk » Enterprise Security » Version: 7.1.1

cpe:2.3:a:splunk:enterprise_security:7.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22164

Products

Pricing

Contact Us