Risk | High |
Patch available | YES |
Number of vulnerabilities | 15 |
CVE-ID | CVE-2024-36991 CVE-2024-36997 CVE-2024-36996 CVE-2024-36995 CVE-2024-36994 CVE-2024-36993 CVE-2024-36992 CVE-2024-36990 CVE-2024-36982 CVE-2024-36989 CVE-2024-36987 CVE-2024-36986 CVE-2024-36985 CVE-2024-36984 CVE-2024-36983 |
CWE-ID | CWE-22 CWE-79 CWE-200 CWE-264 CWE-835 CWE-476 CWE-284 CWE-434 CWE-639 CWE-94 CWE-502 CWE-77 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Splunk Enterprise (Server applications / IDS/IPS systems, Firewalls and proxy servers) |
Vendor | Splunk Inc. |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
EUVDB-ID: #VU93553
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-36991
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the /modules/messaging/ endpoint. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Note that the vulnerability affects Splunk Enterprise on Windows.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0711
http://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
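A log check for the CVE-2024-36991 traversal described above, as an added example that is not part of the original bulletin and not Splunk's own detection: it flags requests under /modules/messaging/ that still contain `..` after percent-decoding and separator normalisation. The log layout, the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/modules/messaging/"  # endpoint named in the bulletin
MAX_DECODE_ROUNDS = 3             # assumption: bound for nested percent-encoding

# Assumed log layout (constructed, combined-log style):
#   <client> - - [<time>] "<METHOD> <target> HTTP/<ver>" <status> <bytes>
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def normalise(target: str) -> str:
    """Undo nested percent-encoding and unify Windows/Unix separators."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def is_traversal_attempt(target: str) -> bool:
    """True when a request under ENDPOINT carries '..' anywhere after it,
    including when the dots are glued to other characters in a segment."""
    path = normalise(target)
    idx = path.find(ENDPOINT)
    if idx == -1:
        return False
    return ".." in path[idx + len(ENDPOINT):]

def scan(lines):
    """Return (line_number, http_status, raw_target) for every suspicious line.
    A 2xx status is worth triaging first: the server answered with content."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2024:10:00:01 +0000] "GET /en-US/modules/messaging/..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Jul/2024:10:00:02 +0000] "GET /modules/messaging/%252e%252e%255cexample.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [05/Jul/2024:10:00:03 +0000] "GET /en-US/modules/messaging/messages.js HTTP/1.1" 200 2048',
    '198.51.100.7 - - [05/Jul/2024:10:00:04 +0000] "GET /en-US/app/search/..%2Fhome HTTP/1.1" 303 0',
]

if __name__ == "__main__":
    for number, status, target in scan(SAMPLE_LOG):
        print(f"line {number}: status={status} target={target}")
```
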
EUVDB-ID: #VU93547
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36997
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description: The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data at the conf-web/settings REST endpoint. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0717
http://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93548
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36996
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can enumerate the application's users.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0716
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93549
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36995
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote user to create experimental roles.
The vulnerability exists because the application does not properly impose security restrictions. A remote low-privileged user can create experimental items.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0715
http://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93550
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36994
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description: The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling View and Splunk Web Bulletin Messages. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0714
http://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93551
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36993
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description: The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling Splunk Web Bulletin Messages. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0713
http://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93552
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36992
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description: The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling Splunk Web Bulletin Messages. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0712
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93554
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36990
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when handling requests within the datamodel/web REST endpoint. A remote user can send specially crafted requests to the application and perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0710
http://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93572
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the cluster/config REST endpoint. A remote attacker can send a specially crafted request to the application and perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93566
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36989
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and create notifications in Splunk Web Bulletin Messages.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0709
http://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93567
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36987
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description: The vulnerability allows a remote user to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload within the indexing/preview REST endpoint. A remote user can upload a malicious XML file and use it to perform XSLT injection attacks.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93568
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36986
CWE-ID:
CWE-639 - Authorization Bypass Through User-Controlled Key
Exploit availability: No
Description: The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions. A remote user can execute dangerous commands by manipulating the Search ID and using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0706
http://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93569
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36985
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in copybuckets.py. A remote user can send a specially crafted request and execute arbitrary code on the target system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0705
http://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93570
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36984
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
Description: The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.
Note that the vulnerability affects Splunk Enterprise on Windows.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0704
http://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93571
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36983
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
Description: The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation when using external lookups. A remote user can create an external lookup that calls a legacy internal function and execute arbitrary commands on the system.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Splunk Enterprise: 9.0.0 - 9.2.1
http://advisory.splunk.com/advisories/SVD-2024-0703
http://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.