CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36990

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.1%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2024-36990

Splunk » Splunk » Version: 9.0.0

cpe:2.3:a:splunk:splunk:9.0.0
Splunk » Splunk » Version: 9.0.3

cpe:2.3:a:splunk:splunk:9.0.3
Splunk » Splunk » Version: 9.0.4

cpe:2.3:a:splunk:splunk:9.0.4
Splunk » Splunk » Version: 9.0.6

cpe:2.3:a:splunk:splunk:9.0.6
Splunk » Splunk » Version: 9.0.7

cpe:2.3:a:splunk:splunk:9.0.7
Splunk » Splunk » Version: 9.0.9

cpe:2.3:a:splunk:splunk:9.0.9
Splunk » Splunk » Version: 9.1.0

cpe:2.3:a:splunk:splunk:9.1.0
Splunk » Splunk » Version: 9.1.0.1

cpe:2.3:a:splunk:splunk:9.1.0.1
Splunk » Splunk » Version: 9.1.0.2

cpe:2.3:a:splunk:splunk:9.1.0.2
Splunk » Splunk » Version: 9.1.1

cpe:2.3:a:splunk:splunk:9.1.1
Splunk » Splunk » Version: 9.1.2

cpe:2.3:a:splunk:splunk:9.1.2
Splunk » Splunk » Version: 9.1.3

cpe:2.3:a:splunk:splunk:9.1.3
Splunk » Splunk » Version: 9.1.4

cpe:2.3:a:splunk:splunk:9.1.4
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk Cloud Platform » Version: Any

cpe:2.3:a:splunk:splunk_cloud_platform:*
Splunk » Splunk Cloud Platform » Version: 9.1.2308

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2308
Splunk » Splunk Cloud Platform » Version: 9.1.2308.207

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2308.207
Splunk » Splunk Cloud Platform » Version: 9.1.2312.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.100
Splunk » Splunk Cloud Platform » Version: 9.1.2312.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.108

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36990

Products

Pricing

Contact Us