Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-36993
HistoryJul 01, 2024 - 5:15 p.m.

CVE-2024-36993

2024-07-0117:15:08
CWE-79
[email protected]
web.nvd.nist.gov
2
splunk
enterprise
cloud platform
version
privileged user
malicious payload
splunk web bulletin messages
unauthorized
javascript code
browser-based attack

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.

Related

cvelist 1
nessus 1
cve 1
vulnrichment 1
cvelist
cvelist
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
2024-07-01 16:54:35
nessus
nessus
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0713)
2024-07-01 00:00:00
cve
cve
CVE-2024-36993
2024-07-01 17:15:08
vulnrichment
vulnrichment
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
2024-07-01 16:54:35

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for NVD:CVE-2024-36993
cvelist1nessus1cve1vulnrichment1