PT-2024-9890 · Splunk · Splunk Cloud Platform+2
Anton +1 · Published 2024-07-01 · Updated 2024-10-10
CVE-2024-36989
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Splunk Cloud Platform versions prior to 9.1.2312.200
Description:
The issue is related to insufficient access control in the Splunk Web Bulletin Messages module of the Splunk Web interface in Splunk Enterprise. This could allow a remote attacker to impact the confidentiality and integrity of protected information by sending specially crafted notifications. A low-privileged user without admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
Recommendations:
For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later.
For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later.
For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.200, update to version 9.1.2312.200 or later.
As a temporary workaround, consider restricting access to the Splunk Web Bulletin Messages module to minimize the risk of exploitation.
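To check an inventory against the fixed versions listed above, the following added example (not Splunk's or this advisory's own code) compares versions numerically, so that 9.0.10 correctly sorts after 9.0.9. It assumes each "prior to" entry applies per release branch; the host labels and inventory are constructed sample data.

```python
# Added example (not vendor code): triage Splunk versions against this advisory.
# Assumption: each "prior to X" entry is read per release branch (9.2.x, 9.1.x, 9.0.x).
import re

# Fixed versions copied from the advisory text above.
ENTERPRISE_FIXED = {(9, 2): (9, 2, 2), (9, 1): (9, 1, 5), (9, 0): (9, 0, 10)}
CLOUD_FIXED = (9, 1, 2312, 200)

# Constructed sample inventory: (host label, product, reported version).
INVENTORY = [
    ("sh01", "Splunk Enterprise", "9.2.1"),
    ("idx01", "Splunk Enterprise", "9.1.5"),
    ("hf01", "Splunk Enterprise", "9.0.9"),
    ("stack-a", "Splunk Cloud Platform", "9.1.2312.109"),
]

def parse_version(text):
    """Turn '9.1.2312.200' into (9, 1, 2312, 200); reject non-numeric input."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version, width):
    return version + (0,) * (width - len(version))  # '9.2' compares as 9.2.0

def status(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one product/version pair."""
    v = parse_version(version)
    if product == "Splunk Cloud Platform":
        width = max(len(v), len(CLOUD_FIXED))
        return "affected" if pad(v, width) < pad(CLOUD_FIXED, width) else "fixed"
    if product != "Splunk Enterprise":
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v3 = pad(v, 3)[:3]
    fixed = ENTERPRISE_FIXED.get(v3[:2])
    if fixed is None:
        # Older than 9.0 is "prior to 9.0.10"; newer branches are not listed here.
        return "affected" if v3 < (9, 0, 0) else "not-listed"
    return "affected" if v3 < fixed else "fixed"

def triage(inventory):
    """Map each host label to its status."""
    return {host: status(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```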
Fix
Improper Access Control
Affected Products
Splunk Cloud Platform
Splunk Enterprise
Splunk Web