Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.
July 2, 2024 By Ionut Arghire
Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs.
Three of the high-severity issues are remote code execution flaws that require authentication for successful exploitation.
The first of them, tracked as CVE-2024-36985, could be exploited by a low-privileged user through a lookup that likely references the ‘splunk_archiver’ application. The issue affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x.
Splunk Enterprise versions 9.2.2, 9.1.5, and 9.0.10 address the vulnerability. The bug can also be mitigated by disabling the ‘splunk_archiver’ application.
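A triage check for CVE-2024-36985 built from the fixed versions and the mitigation given above, as an added example that is not from Splunk or the original article. It assumes the version string is read from the instance and that the app's state is set in the `[install]` stanza of its `app.conf` (default copy first, then local); the function names and sample config text are constructed for illustration.

```python
import configparser
import re

# First fixed patch level per affected branch, as stated in the article.
FIXED = {(9, 2): 2, (9, 1): 5, (9, 0): 10}

# Constructed sample app.conf contents for splunk_archiver (not real files).
DEFAULT_CONF = "[install]\nstate = enabled\n"
LOCAL_CONF = "[install]\nstate = disabled\n"


def version_status(version: str) -> str:
    """Classify a Splunk Enterprise version string such as '9.1.4'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", version.strip())
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch not covered by the article
    # Compare numerically: as strings, "9" would sort after "10".
    return "patched" if patch >= fixed_patch else "vulnerable"


def app_disabled(*app_conf_texts: str) -> bool:
    """True if [install] state is 'disabled'; later texts override earlier."""
    state = "enabled"
    for text in app_conf_texts:
        cp = configparser.ConfigParser(strict=False, interpolation=None)
        cp.read_string(text)
        state = cp.get("install", "state", fallback=state)
    return state.strip().lower() == "disabled"


def triage(version: str, *app_conf_texts: str) -> str:
    """Combine the version check with the splunk_archiver mitigation."""
    status = version_status(version)
    if status == "vulnerable" and app_disabled(*app_conf_texts):
        return "mitigated"
    return status


if __name__ == "__main__":
    for v in ("9.0.9", "9.0.10", "9.1.4", "9.2.2", "8.2.12"):
        print(v, triage(v, DEFAULT_CONF))
    print("9.1.4 with app disabled:", triage("9.1.4", DEFAULT_CONF, LOCAL_CONF))
```

A result of "unknown" means the branch is outside the versions the article lists and has to be checked against the vendor advisory.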
Impacting Splunk Enterprise for Windows and tracked as CVE-2024-36984, the second RCE bug allows an authenticated attacker to execute a crafted query to serialize untrusted data and execute arbitrary code.