CVE-2024-36984

Summary

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.2 < 9.2.2affected
SplunkSplunk Enterprise9.1 < 9.1.5affected
SplunkSplunk Enterprise9.0 < 9.0.10affected

Weaknesses

  • CWE-502: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References