CVE-2024-36993

🗓️ 01 Jul 2024 16:54:35Reported by SplunkType

Splunk Enterprise and Splunk Cloud Platform versions below specified could allow low-privileged user to execute unauthorized JavaScript code via Bulletin Message

Reporter	Title	Published	Views	Family All 9
CNNVD	Splunk Cloud Platform和Splunk Enterprise 安全漏洞	1 Jul 202400:00	–	cnnvd
CNVD	Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34269)	5 Jul 202400:00	–	cnvd
Cvelist	CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin	1 Jul 202416:54	–	cvelist
EUVD	EUVD-2024-36380	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Splunk	2 Jul 202413:15	–	ncsc
NVD	CVE-2024-36993	1 Jul 202417:15	–	nvd
Positive Technologies	PT-2024-27235 · Splunk · Splunk Cloud Platform +1	1 Jul 202400:00	–	ptsecurity
Tenable Nessus	Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0713)	1 Jul 202400:00	–	nessus
Vulnrichment	CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin	1 Jul 202416:54	–	vulnrichment

NVD

Node

splunk splunkRange9.0.0–9.0.10enterprise

splunk splunkRange9.1.0–9.1.5enterprise

splunk splunkRange9.2.0–9.2.2enterprise

splunk splunk_cloud_platformRange9.1.2308–9.1.2308.207

splunk splunk_cloud_platformRange9.1.2312–9.1.2312.200

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.5"
      },
      {
        "version": "9.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.0.10"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.1.2312",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2312.200"
      },
      {
        "version": "9.1.2308",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2308.207"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2024-0713
research	www.research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1

28 Feb 2025 11:03Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4

EPSS0.01051

SSVC

CWE-79