PT-2024-6750 · Splunk · Splunk Cloud Platform+1
Danylo Dmytriiev +1 · Published 2024-07-01 · Updated 2024-10-15
CVE-2024-36983
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Splunk Cloud Platform versions prior to 9.1.2312.109
Splunk Cloud Platform versions prior to 9.1.2308.207
Description:
The issue is in the external lookup feature of Splunk Enterprise. An authenticated user can create an external lookup that calls a legacy internal function. That function can be used to insert code into the Splunk platform installation directory, allowing the user to execute arbitrary code on the Splunk platform instance. The vulnerability is classified as improper neutralization of special elements used in an operating system command (command injection).
Recommendations:
For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later.
For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later.
For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.109, update to version 9.1.2312.109 or later.
For Splunk Cloud Platform versions prior to 9.1.2308.207, update to version 9.1.2308.207 or later.
As a temporary workaround, consider restricting access to the external lookup feature until a patch is applied.
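To apply the recommendations across a fleet, the following added example (not part of the original advisory or any Splunk tooling) checks an inventory against the fixed releases listed above. It assumes each "prior to X" entry applies within X's own release branch, and the inventory rows and hostnames are constructed.

```python
# Added example: fixed releases are taken from the advisory above; the
# branch-matching rule is an assumption and the inventory rows are constructed.
FIXED = {
    "enterprise": {"9.2": "9.2.2", "9.1": "9.1.5", "9.0": "9.0.10"},
    "cloud": {"9.1.2312": "9.1.2312.109", "9.1.2308": "9.1.2308.207"},
}
BRANCH_PARTS = {"enterprise": 2, "cloud": 3}  # leading components naming a branch

def parse(version):
    """Turn '9.1.2312.109' into (9, 1, 2312, 109); reject non-numeric parts."""
    parts = version.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)

def assess(product, version):
    """Return (status, fixed_release); status is affected, fixed or unlisted."""
    product = product.lower()
    if product not in FIXED:
        raise ValueError(f"unknown product: {product!r}")
    v = parse(version)
    branch = ".".join(str(n) for n in v[:BRANCH_PARTS[product]])
    fixed = FIXED[product].get(branch)
    if fixed is None:
        return ("unlisted", None)  # branch not named in the advisory: no claim made
    # Tuple comparison is numeric, so 9.0.9 < 9.0.10 (a string compare gets this wrong).
    return ("affected" if v < parse(fixed) else "fixed", fixed)

def audit(inventory):
    """Map host -> (status, fixed_release) for (host, product, version) rows."""
    return {host: assess(product, version) for host, product, version in inventory}

# Constructed inventory for illustration; hostnames are hypothetical.
INVENTORY = [
    ("sh01", "enterprise", "9.0.9"),
    ("idx01", "enterprise", "9.2.2"),
    ("idx02", "enterprise", "9.1.4"),
    ("stack-a", "cloud", "9.1.2312.108"),
    ("old01", "enterprise", "8.2.12"),
]

if __name__ == "__main__":
    for host, (status, fixed) in audit(INVENTORY).items():
        print(f"{host}: {status}" + (f" (update to {fixed} or later)" if fixed else ""))
```

Instances reported as unlisted fall outside the branches this advisory names and need to be checked against the vendor's own guidance.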
Fix
Command Injection
Affected Products
Splunk Cloud Platform
Splunk Enterprise