CVE-2024-36990

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.2.2403.100

Description: The issue is related to the datamodel/web REST endpoint in Splunk Enterprise, where an authenticated, low-privileged user could send a specially crafted HTTP POST request, potentially causing a denial of service. This is due to the execution of a loop with an unavailable exit condition. The exploitation of this issue allows a remote attacker to cause a denial of service using a specially crafted HTTP request.

Recommendations: For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later. For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later. For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later. For Splunk Cloud Platform versions prior to 9.2.2403.100, update to version 9.2.2403.100 or later. As a temporary workaround, consider restricting access to the "datamodel/web" REST endpoint until a patch is available.