Splunk: CVE-2022-32155: Universal Forwarder management services allow remote login by default

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true inserver.confOR allowRemoteLogin = never inserver.confOR mgmtHostPort = localhost inweb.conf. SeeConfigure universal forwarder management securityfor more information on disabling the remote management services. The potential exposure does not affect Splunk Enterprise instances. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties.