Lucene search

[email protected]NVD:CVE-2024-36991

HistoryJul 01, 2024 - 5:15 p.m.

CVE-2024-36991

2024-07-0117:15:07

CWE-22

CWE-35

[email protected]

web.nvd.nist.gov

splunk

enterprise

windows

path traversal

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.098

Percentile

94.9%

JSON

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Affected configurations

Nvd

Node

splunksplunkRange9.0.0–9.0.10enterprise

splunksplunkRange9.1.0–9.1.5enterprise

splunksplunkRange9.2.0–9.2.2enterprise

AND

microsoftwindowsMatch-

VendorProductVersionCPE
splunksplunk*cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
splunk	splunk	*	cpe:2.3:a:splunk:splunk:::::enterprise:::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

advisory.splunk.com/advisories/SVD-2024-0711

research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.098

Percentile

94.9%

JSON

Related for NVD:CVE-2024-36991

cvelist1 cve1 nessus1 githubexploit2 vulnrichment1 nuclei1 openvas1