CVE-2022-32157
HIGHSplunk < 9.0 - Unauthenticated Forwarder Bundle Download
Title source: llmDescription
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates
Vendor Advisory x_refsource_confirm
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html
Mitigation, Vendor Advisory x_refsource_confirm
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients
Mitigation, Vendor Advisory x_refsource_confirm
https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/
Scores
CVSS v3
7.5
EPSS
0.0050
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
splunk/splunk
< 9.0
Published
Jun 15, 2022
Tracked Since
Feb 18, 2026