Vulnerability-Lookup

CVE-2024-36983 (GCVE-0-2024-36983)

Vulnerability from cvelistv5 – Published: 2024-07-01 16:30 – Updated: 2025-02-28 11:03

Title

Command Injection using External Lookups

Summary

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-77 - The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigner

Splunk

References

URL

Tags

	https://advisory.splunk.com/advisories/SVD-2024-0703
	https://research.splunk.com/application/1cf58ae1-…

Impacted products

Vendor

Product

Version

Splunk

Splunk Enterprise

Affected: 9.2 , < 9.2.2 (custom)
Affected: 9.1 , < 9.1.5 (custom)
Affected: 9.0 , < 9.0.10 (custom)

Splunk

Splunk Cloud Platform

Affected: 9.1.2312 , < 9.1.2312.109 (custom)
Affected: 9.1.2308 , < 9.1.2308.207 (custom)

Credits

Danylo Dmytriiev (DDV_UA)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.2.2",
                "status": "affected",
                "version": "9.2",
                "versionType": "custom"
              },
              {
                "lessThan": "9.1.5",
                "status": "affected",
                "version": "9.1",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.10",
                "status": "affected",
                "version": "9.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "splunk_cloud_platform",
            "vendor": "splunk",
            "versions": [
              {
                "lessThan": "9.1.2312.109",
                "status": "affected",
                "version": "9.1.2312",
                "versionType": "custom"
              },
              {
                "lessThan": "9.1.2308.207",
                "status": "affected",
                "version": "9.1.2308",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T20:10:58.843878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:36:43.524Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.2.2",
              "status": "affected",
              "version": "9.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.5",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.10",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.1.2312.109",
              "status": "affected",
              "version": "9.1.2312",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.2308.207",
              "status": "affected",
              "version": "9.1.2308",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Danylo Dmytriiev (DDV_UA)"
        }
      ],
      "datePublic": "2024-07-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance."
            }
          ],
          "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T11:03:59.649Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
        },
        {
          "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/"
        }
      ],
      "source": {
        "advisory": "SVD-2024-0703"
      },
      "title": "Command Injection using External Lookups"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2024-36983",
    "datePublished": "2024-07-01T16:30:41.779Z",
    "dateReserved": "2024-05-30T16:36:20.999Z",
    "dateUpdated": "2025-02-28T11:03:59.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0703\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:43:50.454Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36983\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-02T20:10:58.843878Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\"], \"vendor\": \"splunk\", \"product\": \"splunk\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.1\", \"lessThan\": \"9.1.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.0.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\"], \"vendor\": \"splunk\", \"product\": \"splunk_cloud_platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.1.2312\", \"lessThan\": \"9.1.2312.109\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.1.2308\", \"lessThan\": \"9.1.2308.207\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-75\", \"description\": \"CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-03T14:37:03.276Z\"}}], \"cna\": {\"title\": \"Command Injection using External Lookups\", \"source\": {\"advisory\": \"SVD-2024-0703\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Danylo Dmytriiev (DDV_UA)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.1\", \"lessThan\": \"9.1.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.0.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Splunk\", \"product\": \"Splunk Cloud Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.1.2312\", \"lessThan\": \"9.1.2312.109\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.1.2308\", \"lessThan\": \"9.1.2308.207\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2024-07-01T00:00:00.000Z\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2024-0703\"}, {\"url\": \"https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-77\", \"description\": \"The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.\"}]}], \"providerMetadata\": {\"orgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"shortName\": \"Splunk\", \"dateUpdated\": \"2025-02-28T11:03:59.649Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36983\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-28T11:03:59.649Z\", \"dateReserved\": \"2024-05-30T16:36:20.999Z\", \"assignerOrgId\": \"42b59230-ec95-491e-8425-5a5befa1a469\", \"datePublished\": \"2024-07-01T16:30:41.779Z\", \"assignerShortName\": \"Splunk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-34264

Vulnerability from cnvd - Published: 2024-08-01

Title

Splunk Enterprise命令注入漏洞

Description

Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据，包括所有IT系统和基础结构（物理、虚拟机和云）生成的数据。 Splunk Enterprise存在命令注入漏洞，攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Splunk Enterprise命令注入漏洞的补丁

Patch Description

Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据，包括所有IT系统和基础结构（物理、虚拟机和云）生成的数据。 Splunk Enterprise存在命令注入漏洞，攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://advisory.splunk.com/advisories/SVD-2024-0703

Reference

https://advisory.splunk.com/advisories/SVD-2024-0703

Impacted products

Name
['Splunk Splunk Enterprise <9.2.2', 'Splunk Splunk Enterprise <9.1.5', 'Splunk Splunk Enterprise <9.0.10', 'Splunk splunk cloud platform <9.1.2312.109', 'Splunk splunk cloud platform <9.1.2308.207']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-36983",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-36983"
    }
  },
  "description": "Splunk\u662f\u7f8e\u56fdSplunk\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6536\u96c6\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u6536\u96c6\u3001\u7d22\u5f15\u548c\u5206\u6790\u53ca\u5176\u6240\u4ea7\u751f\u7684\u6570\u636e\uff0c\u5305\u62ec\u6240\u6709IT\u7cfb\u7edf\u548c\u57fa\u7840\u7ed3\u6784\uff08\u7269\u7406\u3001\u865a\u62df\u673a\u548c\u4e91\uff09\u751f\u6210\u7684\u6570\u636e\u3002\n\nSplunk Enterprise\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://advisory.splunk.com/advisories/SVD-2024-0703",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-34264",
  "openTime": "2024-08-01",
  "patchDescription": "Splunk\u662f\u7f8e\u56fdSplunk\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6536\u96c6\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u6536\u96c6\u3001\u7d22\u5f15\u548c\u5206\u6790\u53ca\u5176\u6240\u4ea7\u751f\u7684\u6570\u636e\uff0c\u5305\u62ec\u6240\u6709IT\u7cfb\u7edf\u548c\u57fa\u7840\u7ed3\u6784\uff08\u7269\u7406\u3001\u865a\u62df\u673a\u548c\u4e91\uff09\u751f\u6210\u7684\u6570\u636e\u3002\r\n\r\nSplunk Enterprise\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Splunk Enterprise\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Splunk Splunk Enterprise \u003c9.2.2",
      "Splunk Splunk Enterprise \u003c9.1.5",
      "Splunk Splunk Enterprise \u003c9.0.10",
      "Splunk splunk cloud platform \u003c9.1.2312.109",
      "Splunk splunk cloud platform \u003c9.1.2308.207"
    ]
  },
  "referenceLink": "https://advisory.splunk.com/advisories/SVD-2024-0703",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-05",
  "title": "Splunk Enterprise\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-36983

Vulnerability from fstec - Published: 01.07.2024

Title

Уязвимость технологии External Lookups платформы для операционного анализа Splunk Enterprise, позволяющая нарушителю повысить свои привилегии и выполнить произвольные команды

Description

Уязвимость технологии External Lookups платформы для операционного анализа Splunk Enterprise связана с некорректной нейтрализацией специальных элементов, используемых в команде операционной системы в результате использования модели данных для обнаружения нерегламентированных поисков Search_Activity. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и выполнить произвольные команды

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vendor

Splunk Inc.

Software Name

Splunk Enterprise, Splunk Cloud Platform

Software Version

от 9.2.0 до 9.2.1 включительно (Splunk Enterprise), от 9.1.0 до 9.1.4 включительно (Splunk Enterprise), от 9.0.0 до 9.0.9 включительно (Splunk Enterprise), от 9.1.2312.100 до 9.1.2312.108 включительно (Splunk Cloud Platform), до 9.1.2308.207 (Splunk Cloud Platform)

Possible Mitigations

Использование рекомендаций: https://advisory.splunk.com/advisories/SVD-2024-0703

Reference

https://advisory.splunk.com/advisories/SVD-2024-0703 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ https://vuldb.com/?id.270104 https://github.com/advisories/GHSA-62xc-vffq-mcgg https://dev.splunk.com/enterprise/docs/devtools/externallookups/

CWE

CWE-75, CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Splunk Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 9.2.0 \u0434\u043e 9.2.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Splunk Enterprise), \u043e\u0442 9.1.0 \u0434\u043e 9.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Splunk Enterprise), \u043e\u0442 9.0.0 \u0434\u043e 9.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Splunk Enterprise), \u043e\u0442 9.1.2312.100 \u0434\u043e 9.1.2312.108 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Splunk Cloud Platform), \u0434\u043e 9.1.2308.207 (Splunk Cloud Platform)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://advisory.splunk.com/advisories/SVD-2024-0703",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.07.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07963",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-36983",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Splunk Enterprise, Splunk Cloud Platform",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 External Lookups \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 Splunk Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0434\u0440\u0443\u0433\u0443\u044e \u043f\u043b\u043e\u0441\u043a\u043e\u0441\u0442\u044c (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043e\u0441\u043e\u0431\u043e\u0433\u043e \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430) (CWE-75), \u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 External Lookups \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 Splunk Enterprise \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u043e\u0434\u0435\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043d\u0435\u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0438\u0441\u043a\u043e\u0432 Search_Activity. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://advisory.splunk.com/advisories/SVD-2024-0703 \nhttps://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/\nhttps://vuldb.com/?id.270104\nhttps://github.com/advisories/GHSA-62xc-vffq-mcgg\nhttps://dev.splunk.com/enterprise/docs/devtools/externallookups/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-75, CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)"
}

CERTFR-2024-AVI-0535

Vulnerability from certfr_avis - Published: 2024-07-02 - Updated: 2024-07-02

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.1.2308.x antérieures à 9.1.2308.209
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.10
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.2.x antérieures à 9.2.2
Splunk	Universal Forwarder	Universal Forwarder sur Solaris versions 9.0.x antérieures à 9.0.10
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.1.x antérieures à 9.1.5
Splunk	Universal Forwarder	Universal Forwarder sur Solaris versions 9.2.x antérieures à 9.2.2
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.1.2312.x antérieures à 9.1.2312.202
Splunk	Universal Forwarder	Universal Forwarder sur Solaris versions 9.1.x antérieures à 9.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-0711	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0718	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0716	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0709	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0707	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0704	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0710	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0717	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0705	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0715	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0712	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0714	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0703	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0708	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0713	2024-07-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-0706	2024-07-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Cloud Platform versions 9.1.2308.x ant\u00e9rieures \u00e0 9.1.2308.209",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.10",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Universal Forwarder sur Solaris versions 9.0.x ant\u00e9rieures \u00e0 9.0.10",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.5",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Universal Forwarder sur Solaris versions 9.2.x ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.1.2312.x ant\u00e9rieures \u00e0 9.1.2312.202",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Universal Forwarder sur Solaris versions 9.1.x ant\u00e9rieures \u00e0 9.1.5",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-40899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
    },
    {
      "name": "CVE-2024-36996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36996"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2024-36985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36985"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2024-36989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36989"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2023-47627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
    },
    {
      "name": "CVE-2024-36991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36991"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2024-36983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36983"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2024-36992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36992"
    },
    {
      "name": "CVE-2024-36995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36995"
    },
    {
      "name": "CVE-2023-37276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37276"
    },
    {
      "name": "CVE-2024-36993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36993"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-36984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36984"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-36994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36994"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-36987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36987"
    },
    {
      "name": "CVE-2022-40896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40896"
    },
    {
      "name": "CVE-2024-36986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36986"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2024-36997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36997"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2022-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-36990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36990"
    }
  ],
  "initial_release_date": "2024-07-02T00:00:00",
  "last_revision_date": "2024-07-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0535",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0711",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0711"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0718",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0716",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0716"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0709",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0709"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0707",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0707"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0704",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0704"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0710",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0710"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0717",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0717"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0705",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0705"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0715",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0715"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0712",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0712"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0714",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0714"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0703",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0708",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0708"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0713",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0713"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0706",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0706"
    }
  ]
}

FKIE_CVE-2024-36983

Vulnerability from fkie_nvd - Published: 2024-07-01 17:15 - Updated: 2025-03-07 17:13

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
prodsec@splunk.com	https://advisory.splunk.com/advisories/SVD-2024-0703	Vendor Advisory
prodsec@splunk.com	https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	https://advisory.splunk.com/advisories/SVD-2024-0703	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/	Tool Signature

Impacted products

Vendor	Product	Version
splunk	splunk	*
splunk	splunk	*
splunk	splunk	*
splunk	splunk_cloud_platform	*
splunk	splunk_cloud_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591",
              "versionEndExcluding": "9.0.10",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE",
              "versionEndExcluding": "9.1.5",
              "versionStartIncluding": "9.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3",
              "versionEndExcluding": "9.2.2",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D220E842-2B15-416F-960B-397166883F9F",
              "versionEndExcluding": "9.1.2308.207",
              "versionStartIncluding": "9.1.2308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E66C0D-BD3A-46CE-9578-068401F094C0",
              "versionEndExcluding": "9.1.2312.109",
              "versionStartIncluding": "9.1.2312",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance."
    },
    {
      "lang": "es",
      "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un usuario autenticado podr\u00eda crear una b\u00fasqueda externa que llame a una funci\u00f3n interna heredada. El usuario autenticado podr\u00eda utilizar esta funci\u00f3n interna para insertar c\u00f3digo en el directorio de instalaci\u00f3n de la plataforma Splunk. Desde all\u00ed, el usuario podr\u00eda ejecutar c\u00f3digo arbitrario en la instancia de la plataforma Splunk."
    }
  ],
  "id": "CVE-2024-36983",
  "lastModified": "2025-03-07T17:13:55.270",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-01T17:15:06.257",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-62XC-VFFQ-MCGG

Vulnerability from github – Published: 2024-07-01 18:32 – Updated: 2024-07-01 18:32

Details

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36983"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-01T17:15:06Z",
    "severity": "HIGH"
  },
  "details": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.",
  "id": "GHSA-62xc-vffq-mcgg",
  "modified": "2024-07-01T18:32:40Z",
  "published": "2024-07-01T18:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36983"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0703"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-36983 (GCVE-0-2024-36983)

CNVD-2024-34264

CVE-2024-36983

CERTFR-2024-AVI-0535

Solutions

FKIE_CVE-2024-36983

GHSA-62XC-VFFQ-MCGG

Tags

Sightings

Nomenclature