What is CVE-2022-32157?

CVE-2022-32157 is a vulnerability in Splunk Enterprise deployment servers in versions before 9.0 that allows unauthenticated downloading of forwarder bundles.

What is the severity of CVE-2022-32157?

CVE-2022-32157 has a severity rating of 7.5, which is considered high.

How can I fix CVE-2022-32157?

To fix CVE-2022-32157, you need to update the Splunk Enterprise deployment server to version 9.0 and configure authentication for deployment servers and clients.

Where can I find more information about CVE-2022-32157?

You can find more information about CVE-2022-32157 in the Splunk documentation and the Splunk research website.

What is the Common Weakness Enumeration (CWE) ID for CVE-2022-32157?

The Common Weakness Enumeration (CWE) ID for CVE-2022-32157 is 306.

Vulnerability/
CVE-2022-32157

high

7.5

CWE

306

15/6/2022

17/9/2024

CVE-2022-32157: Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads

First published: Wed Jun 15 2022(Updated: )

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

Credit: prodsec@splunk.com

Affected Software	Affected Version	How to fix
Splunk Splunk	<9.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-32157?
CVE-2022-32157 is a vulnerability in Splunk Enterprise deployment servers in versions before 9.0 that allows unauthenticated downloading of forwarder bundles.
What is the severity of CVE-2022-32157?
CVE-2022-32157 has a severity rating of 7.5, which is considered high.
How can I fix CVE-2022-32157?
To fix CVE-2022-32157, you need to update the Splunk Enterprise deployment server to version 9.0 and configure authentication for deployment servers and clients.
Where can I find more information about CVE-2022-32157?
You can find more information about CVE-2022-32157 in the Splunk documentation and the Splunk research website.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-32157?
The Common Weakness Enumeration (CWE) ID for CVE-2022-32157 is 306.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/title
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/splunk
canonical/splunk splunk

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.