Vulnerability Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 9.0.0, < 9.0.10 |
| Splunk | Splunk Cloud Platform | >= 9.1.2312, < 9.1.2312.100 |
Related Weaknesses (CWE)
References
- https://advisory.splunk.com/advisories/SVD-2024-0717Vendor Advisory
- https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5cTool Signature
- https://advisory.splunk.com/advisories/SVD-2024-0717Vendor Advisory
- https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5cTool Signature
FAQ
What is CVE-2024-36997?
CVE-2024-36997 is a vulnerability with a CVSS score of 8.1 (HIGH). In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context o...
How severe is CVE-2024-36997?
CVE-2024-36997 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-36997?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.