Lucene search

[email protected]NVD:CVE-2024-36991

HistoryJul 01, 2024 - 5:15 p.m.

CVE-2024-36991

2024-07-0117:15:07

CWE-35

[email protected]

web.nvd.nist.gov

splunk

enterprise

windows

path traversal

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

References

advisory.splunk.com/advisories/SVD-2024-0711

research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-36991

vulnrichment1 nessus1 cve1 cvelist1