CVE-2022-43564: Denial of Service in Splunk Enterprise through search macros
First published: Fri Nov 04 2022(Updated: )
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk Splunk | >=8.1.0<8.1.12 | |
| Splunk Splunk | >=8.2.0<8.2.9 | |
| Splunk Splunk Cloud Platform | <9.0.2205 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Splunk Enterprise vulnerability?
The vulnerability ID for this Splunk Enterprise vulnerability is CVE-2022-43564.
What is the severity of CVE-2022-43564?
The severity of CVE-2022-43564 is medium (CVSS 6.5).
What is the affected software for CVE-2022-43564?
The affected software for CVE-2022-43564 is Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2.
What can a remote user do with CVE-2022-43564?
A remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
How can I fix CVE-2022-43564?
To fix CVE-2022-43564, it is recommended to upgrade Splunk Enterprise to version 8.1.12, 8.2.9, or 9.0.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/references
- agent/first-publish-date
- agent/title
- agent/description
- agent/event
- vendor/splunk
- canonical/splunk splunk
- version/splunk splunk/8.1.0
- version/splunk splunk/8.2.0
- canonical/splunk splunk cloud platform