CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22165

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://advisory.splunk.com/advisories/SVD-2024-0102
https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/
https://advisory.splunk.com/advisories/SVD-2024-0102
https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/

Products affected by CVE-2024-22165

Splunk » Enterprise Security » Version: 7.1.0

cpe:2.3:a:splunk:enterprise_security:7.1.0
Splunk » Enterprise Security » Version: 7.1.1

cpe:2.3:a:splunk:enterprise_security:7.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22165

Products

Pricing

Contact Us