In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-0711 | Vendor Advisory |
https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Jul 2024, 15:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk
Microsoft Microsoft windows Splunk splunk |
|
CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
References | () https://advisory.splunk.com/advisories/SVD-2024-0711 - Vendor Advisory | |
References | () https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa - Vendor Advisory | |
CWE | CWE-22 |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jul 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 17:15
Updated : 2024-10-15 18:35
NVD link : CVE-2024-36991
Mitre link : CVE-2024-36991
CVE.ORG link : CVE-2024-36991
JSON object : View
Products Affected
microsoft
- windows
splunk
- splunk