8.8

CVE-2024-36984

Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SplunkSplunk SwEditionenterprise Version >= 9.0.0 < 9.0.10
SplunkSplunk SwEditionenterprise Version >= 9.1.0 < 9.1.5
SplunkSplunk SwEditionenterprise Version >= 9.2.0 < 9.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.57% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
prodsec@splunk.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.