CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.3%

CVSS Severity

CVSS v3 Score 8.0

References

Products affected by CVE-2024-36983

Splunk » Splunk » Version: 9.0.0

cpe:2.3:a:splunk:splunk:9.0.0
Splunk » Splunk » Version: 9.0.3

cpe:2.3:a:splunk:splunk:9.0.3
Splunk » Splunk » Version: 9.0.4

cpe:2.3:a:splunk:splunk:9.0.4
Splunk » Splunk » Version: 9.0.6

cpe:2.3:a:splunk:splunk:9.0.6
Splunk » Splunk » Version: 9.0.7

cpe:2.3:a:splunk:splunk:9.0.7
Splunk » Splunk » Version: 9.0.9

cpe:2.3:a:splunk:splunk:9.0.9
Splunk » Splunk » Version: 9.1.0

cpe:2.3:a:splunk:splunk:9.1.0
Splunk » Splunk » Version: 9.1.0.1

cpe:2.3:a:splunk:splunk:9.1.0.1
Splunk » Splunk » Version: 9.1.0.2

cpe:2.3:a:splunk:splunk:9.1.0.2
Splunk » Splunk » Version: 9.1.1

cpe:2.3:a:splunk:splunk:9.1.1
Splunk » Splunk » Version: 9.1.2

cpe:2.3:a:splunk:splunk:9.1.2
Splunk » Splunk » Version: 9.1.3

cpe:2.3:a:splunk:splunk:9.1.3
Splunk » Splunk » Version: 9.1.4

cpe:2.3:a:splunk:splunk:9.1.4
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk Cloud Platform » Version: 9.1.2308

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2308
Splunk » Splunk Cloud Platform » Version: 9.1.2312

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312
Splunk » Splunk Cloud Platform » Version: 9.1.2312.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.100
Splunk » Splunk Cloud Platform » Version: 9.1.2312.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.108

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36983

Products

Pricing

Contact Us