Lucene search

CVE-2024-36997

🗓️ 01 Jul 2024 17:09:15Reported by SplunkType

In Splunk Enterprise and Splunk Cloud, admin user can execute arbitrary javascript code via conf-web/settings endpoin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
CNVD	Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34271)	5 Jul 202400:00	–	cnvd
Cvelist	CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint	1 Jul 202416:57	–	cvelist
Tenable Nessus	Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0717)	1 Jul 202400:00	–	nessus
NVD	CVE-2024-36997	1 Jul 202417:15	–	nvd
Vulnrichment	CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint	1 Jul 202416:57	–	vulnrichment

Nvd

Node

splunk splunkRange9.0.0–9.0.10enterprise

splunk splunkRange9.1.0–9.1.5enterprise

splunk splunkRange9.2.0–9.2.2enterprise

splunk splunk_cloud_platformRange9.1.2312–9.1.2312.100

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.5"
      },
      {
        "version": "9.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.0.10"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.1.2312",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2312.100"
      }
    ]
  }
]

Source	Link
research	www.research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c
advisory	www.advisory.splunk.com/advisories/SVD-2024-0717

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Jul 2024 17:15Current

7.4High risk

Vulners AI Score7.4

CVSS38.1

EPSS0.00199

SSVC

CWE-79