PT-2024-4749 · Splunk · Splunk Cloud Platform, Splunk Enterprise
Fredrik Alexandersson
Published: 2024-05-30 · Updated: 2024-10-15
CVE-2024-36997
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Splunk Cloud Platform versions prior to 9.1.2312
Description:
The issue affects Splunk Web, the web interface of the Splunk Enterprise operational analytics platform, which does not sufficiently neutralize user-supplied input before rendering it as part of a web page. An authenticated attacker holding the admin role could store arbitrary JavaScript code through the conf-web/settings REST endpoint; the payload is later executed in the browser context of any other Splunk user who loads the affected page, resulting in persistent (stored) cross-site scripting (XSS). Exploitation therefore requires admin privileges on the target instance and a victim who views the affected page, which is why the vector above carries PR:H and UI:R.
Recommendations:
For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later.
For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later.
For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later.
For Splunk Cloud Platform versions prior to 9.1.2312, update to version 9.1.2312 or later.
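The fixed releases above are split by maintenance branch, and Splunk version strings cannot be compared as plain text (the string "9.0.10" sorts before "9.0.9"). The following triage script, added here as an example and not tooling from Splunk or from this advisory, encodes the four fix lines exactly as the page states them, parses the version numerically, and reports whether a given instance is vulnerable and which release fixes it. The `splunk version` output format it accepts and all sample versions are constructed for the example; branches the advisory does not name (for instance 8.x) are reported as "not covered" rather than guessed.

```python
"""Branch-aware triage for CVE-2024-36997.

Added example, not Splunk's or the advisory's own code. Fix versions come
from the advisory text; every sample input below is constructed.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# One entry per recommendation line on the page:
# (product, branch the line applies to or None for "any version", first fixed release)
ADVISORY = [
    ("enterprise", (9, 2), "9.2.2"),
    ("enterprise", (9, 1), "9.1.5"),
    ("enterprise", (9, 0), "9.0.10"),
    ("cloud", None, "9.1.2312"),
]


def parse_version(text: str) -> Version:
    """'9.0.10' -> (9, 0, 10). Tuples of ints compare numerically, so
    (9, 0, 10) > (9, 0, 9), whereas the strings compare the other way."""
    return tuple(int(part) for part in text.strip().split("."))


def version_from_cli(output: str) -> Optional[str]:
    """Pull the dotted version out of `splunk version` output.
    Assumed format (constructed for this example): 'Splunk 9.2.1 (build ...)'."""
    match = re.search(r"Splunk\s+(\d+(?:\.\d+)+)", output)
    return match.group(1) if match else None


def triage(product: str, version: str) -> dict:
    """Return coverage, vulnerability status and fix release for one instance.

    `product` is 'enterprise' or 'cloud'. A version whose branch is not listed
    in the advisory is reported as covered=False, vulnerable=None: the page
    makes no statement about it, so neither does this script.
    """
    installed = parse_version(version)
    for adv_product, branch, fixed in ADVISORY:
        if adv_product != product:
            continue
        if branch is not None and installed[:2] != branch:
            continue
        fixed_v = parse_version(fixed)
        return {
            "product": product,
            "version": version,
            "covered": True,
            "vulnerable": installed < fixed_v,
            "fix": fixed,
        }
    return {"product": product, "version": version, "covered": False,
            "vulnerable": None, "fix": None}


def string_compare_is_wrong() -> bool:
    """Demonstrates why parse_version() is needed: True means the naive
    string comparison gets the ordering of 9.0.10 and 9.0.9 backwards."""
    return ("9.0.10" < "9.0.9") and (parse_version("9.0.10") > parse_version("9.0.9"))


if __name__ == "__main__":
    # Constructed sample fleet, as it might be collected from `splunk version`.
    samples = [
        ("enterprise", "Splunk 9.0.9 (build constructed)"),
        ("enterprise", "Splunk 9.2.2 (build constructed)"),
        ("enterprise", "Splunk 8.2.12 (build constructed)"),
        ("cloud", "Splunk 9.1.2308 (build constructed)"),
    ]
    for product, cli_output in samples:
        ver = version_from_cli(cli_output)
        print(triage(product, ver))
```

Run it against the real output of `splunk version` on each search head and indexer; any result with `vulnerable: True` names the release to move to, and `covered: False` means the branch is outside what this advisory states and needs a separate check.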
As a temporary workaround until the fixed release can be deployed, restrict access to the conf-web/settings REST endpoint so that only users who genuinely need to change Splunk Web settings can write to it. This limits who can plant a payload but does not remove the flaw; updating remains the fix.
Fix
XSS
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise