CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0101	Vendor Advisory
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/	Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2024-0101	Vendor Advisory
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://advisory.splunk.com/advisories/SVD-2024-0101 - Vendor Advisory~~	() https://advisory.splunk.com/advisories/SVD-2024-0101 - Vendor Advisory
References	~~() https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/ - Vendor Advisory~~	() https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/ - Vendor Advisory

16 Jan 2024, 17:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-09 17:15

Updated : 2025-06-03 15:15

NVD link : CVE-2024-22164

Mitre link : CVE-2024-22164

CVE.ORG link : CVE-2024-22164

JSON object : View

Products Affected

splunk

enterprise_security

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-22164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-01-09T17:15:12.323", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0101", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://advisory.splunk.com/advisories/SVD-2024-0101", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigaci\u00f3n para realizar una denegaci\u00f3n de servicio (DoS) a la investigaci\u00f3n. El endpoint del archivo adjunto no limita adecuadamente el tama\u00f1o de la solicitud, lo que permite que un atacante haga que la investigaci\u00f3n se vuelva inaccesible."}], "lastModified": "2025-06-03T15:15:57.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}