Lucene search
HistoryNov 04, 2022 - 11:15 p.m.
CVE-2022-43564
splunk enterprise
denial of service
cve-2022-43564
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.1%
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
Affected configurations
Node
splunksplunkRange8.1.0–8.1.12enterprise
ORsplunksplunkRange8.2.0–8.2.9enterprise
ORsplunksplunk_cloud_platformRange<9.0.2205
| Vendor | Product | Version | CPE |
|---|---|---|---|
| splunk | splunk | * | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* |
| splunk | splunk_cloud_platform | * | cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2022-11-04 23:15:00
nessus
nessus
Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9 (SVD-2022-1104)
2022-11-03 00:00:00
cvelist
cvelist
CVE-2022-43564 Denial of Service in Splunk Enterprise through search macros
2022-11-04 22:20:36
cve
cve
CVE-2022-43564
2022-11-04 23:15:09
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.1%
Related for NVD:CVE-2022-43564