CVE-2024-36994

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207

Description: The issue is related to the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise platform, which fails to take measures to protect the web page structure. This could allow a remote attacker to perform cross-site scripting attacks. A low-privileged user without admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages, resulting in the execution of unauthorized JavaScript code in a user's browser.

Recommendations: For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later. For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later. For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later. For Splunk Cloud Platform versions prior to 9.1.2312.200, update to version 9.1.2312.200 or later. For Splunk Cloud Platform versions prior to 9.1.2308.207, update to version 9.1.2308.207 or later. As a temporary workaround, consider restricting access to the Bulletin Messages module in the Splunk Web interface until a patch is available.