CVE-2024-36984

🗓️ 01 Jul 2024 17:06:15Reported by [email protected]Type

Authenticated user can execute specially crafted query to serialize untrusted data leading to arbitrary code execution in Splunk Enterprise below versions 9.2.2, 9.1.5, and 9.0.10 on Window

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2024-36984 Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows	1 Jul 202416:30	–	cvelist
Vulnrichment	CVE-2024-36984 Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows	1 Jul 202416:30	–	vulnrichment
Tenable Nessus	Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0704)	1 Jul 202400:00	–	nessus
CNVD	Splunk Enterprise Deserialization Vulnerability	5 Jul 202400:00	–	cnvd
CVE	CVE-2024-36984	1 Jul 202417:15	–	cve

Nvd

Node

splunk splunkRange9.0.0–9.0.10enterprise

splunk splunkRange9.1.0–9.1.5enterprise

splunk splunkRange9.2.0–9.2.2enterprise

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2024-0704
research	www.research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Jul 2024 17:15Current

CVSS38.8

EPSS0.00921

CWE-502