{"containers":{"cna":{"affected":[{"product":"Splunk Enterprise","vendor":"Splunk, Inc","versions":[{"lessThan":"9.0","status":"affected","version":"9.0","versionType":"custom"},{"lessThan":"8.2.6.1","status":"affected","version":"8.2","versionType":"custom"},{"lessThan":"8.1.10.1","status":"affected","version":"8.1","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Nadim Taha at Splunk"}],"datePublic":"2022-06-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-07-12T20:10:32.000Z","orgId":"42b59230-ec95-491e-8425-5a5befa1a469","shortName":"Splunk"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"}],"source":{"advisory":"SVD-2022-0608","discovery":"INTERNAL"},"title":"Splunk Enterprise deployment servers allow client publishing of forwarder bundles","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"prodsec@splunk.com","DATE_PUBLIC":"2022-06-14T11:55:00.000Z","ID":"CVE-2022-32158","STATE":"PUBLIC","TITLE":"Splunk Enterprise deployment servers allow client publishing of forwarder bundles"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Splunk Enterprise","version":{"version_data":[{"version_affected":"<","version_name":"9.0","version_value":"9.0"},{"version_affected":"<","version_name":"8.2","version_value":"8.2.6.1"},{"version_affected":"<","version_name":"8.1","version_value":"8.1.10.1"}]}}]},"vendor_name":"Splunk, Inc"}]}},"credit":[{"lang":"eng","value":"Nadim Taha at Splunk"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server."}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"name":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates","refsource":"CONFIRM","url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"name":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html","refsource":"CONFIRM","url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"}]},"source":{"advisory":"SVD-2022-0608","discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T07:32:56.019Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"}]}]},"cveMetadata":{"assignerOrgId":"42b59230-ec95-491e-8425-5a5befa1a469","assignerShortName":"Splunk","cveId":"CVE-2022-32158","datePublished":"2022-06-15T16:50:43.633Z","dateReserved":"2022-05-31T00:00:00.000Z","dateUpdated":"2024-09-17T02:20:54.385Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}