Splunk Patches High-Severity Vulnerabilities in Enterprise Product
Splunk has released patches for 16 vulnerabilities in its Enterprise and Cloud Platform products, including six high-severity issues.

Three of the high-severity vulnerabilities are remote code execution (RCE) flaws that require authentication to exploit. CVE-2024-36985 can be exploited by a low-privileged user through a lookup referencing the 'splunk_archiver' application, and affects versions 9.2.x, 9.1.x, and 9.0.x of Splunk Enterprise. CVE-2024-36984 enables an attacker to execute arbitrary code via a crafted query on Splunk Enterprise for Windows. The third RCE is related to the dashboard PDF generation component, which uses a vulnerable version of the ReportLab Toolkit Python library.

Additionally, a high-severity command injection flaw was patched, which could allow code execution within a privileged context. Other high-severity issues include a path traversal vulnerability in Splunk Enterprise on Windows and a denial-of-service vulnerability in both Enterprise and Cloud Platform products. Medium-severity flaws were also addressed in the update.

Splunk has not reported any active exploitation of these vulnerabilities in the wild. Users are advised to update their installations with the provided patches to mitigate these security risks.

CVEs: CVE-2024-36985, CVE-2024-36984

[View Article](https://www.securityweek.com/splunk-patches-high-severity-vulnerabilities-in-enterprise-product/)