CVE-2024-36985

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0705
https://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-01 17:15

Updated : 2024-07-08 14:18

NVD link : CVE-2024-36985

Mitre link : CVE-2024-36985

CVE.ORG link : CVE-2024-36985

JSON object : View

Products Affected

No product.

CWE

CWE-687

Function Call With Incorrectly Specified Argument Value

CWE-253

Incorrect Check of Function Return Value

8.8 /10