- 204/2024
- High
Splunk has released security updates to fix multiple vulnerabilities affecting Splunk Enterprise and Splunk Cloud Platform.
The addressed vulnerabilities could allow an attacker to perform cross-site scripting attacks, obtain sensitive information, bypass security restrictions, conduct denial-of-service attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Splunk Enterprise Code Execution Vulnerability (CVE-2024-36984):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Splunk Enterprise Directory Traversal Vulnerability (CVE-2024-36991):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Affected products:
- Splunk Enterprise 9.0.0 to 9.0.9.
- Splunk Enterprise 9.1.0 to 9.1.4.
- Splunk Enterprise 9.2.0 to 9.2.1.
- Splunk Cloud Versions 9.1.2312.100 to 9.1.2312.108.
- Splunk Cloud Versions 9.1.2312.200 to 9.1.2312.201.
- Splunk Cloud Versions below 9.1.2312.200.
- Splunk Cloud Versions below 9.1.2308.207.
- Splunk Cloud Versions below 9.1.2308.208.
- Splunk Cloud Versions below 9.1.2312.109.
Security researchers have disclosed a proof-of-concept (PoC) exploit for CVE-2024-36991, and it is available in the wild.
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
