SB2024010964 - Multiple vulnerabilities in Splunk Enterprise Security (ES)

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2024-22165)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Investigations manager. A remote user can create a malformed Investigation and perform a denial of service (DoS) attack.

2) Resource exhaustion (CVE-ID: CVE-2024-22164)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when performing investigations in the attachment endpoint. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://advisory.splunk.com/advisories/SVD-2024-0102
• https://advisory.splunk.com/advisories/SVD-2024-0101