CVE-2024-36986

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207

Description: The issue is related to insufficient protection of service data in the Analytics Workspace module of the Splunk Web interface in Splunk Enterprise. An authenticated user could bypass security restrictions and execute arbitrary commands by sending a specially crafted request, but this requires tricking a higher-privileged user into initiating a request within their browser.

Recommendations: For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later. For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later. For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later. For Splunk Cloud Platform versions prior to 9.1.2312.200, update to version 9.1.2312.200 or later. For Splunk Cloud Platform versions prior to 9.1.2308.207, update to version 9.1.2308.207 or later.