CVE-2024-36983

CVSS V2 None CVSS V3 None

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

Overview

CVE ID
CVE-2024-36983

Assigner
Splunk

Vulnerability Status
PUBLISHED

Published Version
2024-07-01T16:30:41.779Z

Last Modified Date
2024-07-01T23:33:06.801Z

Weakness Enumerations

CWE	URL
CWE-77	http://cwe.mitre.org/data/definitions/77.html

References

Reference URL	Reference Tags
https://advisory.splunk.com/advisories/SVD-2024-0703
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-36983
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36983

History

Created	Old Value	New Value	Data Type	Notes
2024-07-02 13:07:42				Added to TrackCVE