Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution
CVE-2024-36983
8.8HIGH
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 1 July 2024
What is CVE-2024-36983?
In vulnerable versions of Splunk Enterprise and Splunk Cloud Platform, an authenticated user possesses the capability to create an external lookup that invokes a legacy internal function. This function can be exploited to insert malicious code within the Splunk platform installation directory. Consequently, this can lead to the execution of arbitrary code within the Splunk instance, significantly compromising system integrity and data security.
Affected Version(s)
Splunk Cloud Platform 9.1.2312 < 9.1.2312.109
Splunk Cloud Platform 9.1.2308 < 9.1.2308.207
Splunk Enterprise 9.2 < 9.2.2