CVE-2021-3422 Indexer denial-of-service via malformed S2S request

🗓️ 25 Mar 2022 18:02:43Reported by SplunkType

Splunk Enterprise DoS vulnerability via S2S reques

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2021-3422	25 Mar 202221:30	–	circl
CNNVD	Splunk Enterprise 输入验证错误漏洞	25 Mar 202200:00	–	cnnvd
CVE	CVE-2021-3422	25 Mar 202218:02	–	cve
EUVD	EUVD-2021-26750	7 Oct 202500:30	–	euvd
NVD	CVE-2021-3422	25 Mar 202219:15	–	nvd
OSV	CVE-2021-3422	25 Mar 202219:15	–	osv
Prion	Design/Logic Flaw	25 Mar 202219:15	–	prion
RedhatCVE	CVE-2021-3422	22 May 202521:28	–	redhatcve

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "status": "affected",
        "version": "8.2 version(s) before 8.2.0"
      },
      {
        "status": "affected",
        "version": "8.1 version(s) before 8.1.3"
      },
      {
        "status": "affected",
        "version": "8.0 version(s) before 8.0.9"
      },
      {
        "status": "affected",
        "version": "7.3 version(s) before 7.3.9"
      }
    ]
  }
]

Source	Link
splunk	www.splunk.com/en_us/product-security/announcements/svd-2022-0301.html
claroty	www.claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders/

28 Mar 2022 18:52Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00392

CWE-125