mickmick.net

Splunk Products Multiple Vulnerabilities

Release Date: 3 Jul 2024

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Cross-Site Scripting
• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

• Splunk Enterprise versions 9.2.0 to 9.2.1
• Splunk Enterprise versions 9.1.0 to 9.1.4
• Splunk Enterprise versions 9.0.0 to 9.0.9
• Splunk Cloud Platform versions below 9.1.2312.201
• Splunk Cloud Platform versions below 9.1.2308.208

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://advisory.splunk.com/advisories/SVD-2024-0701
• https://advisory.splunk.com/advisories/SVD-2024-0702
• https://advisory.splunk.com/advisories/SVD-2024-0703
• https://advisory.splunk.com/advisories/SVD-2024-0704
• https://advisory.splunk.com/advisories/SVD-2024-0705
• https://advisory.splunk.com/advisories/SVD-2024-0706
• https://advisory.splunk.com/advisories/SVD-2024-0707
• https://advisory.splunk.com/advisories/SVD-2024-0709
• https://advisory.splunk.com/advisories/SVD-2024-0710
• https://advisory.splunk.com/advisories/SVD-2024-0711
• https://advisory.splunk.com/advisories/SVD-2024-0712
• https://advisory.splunk.com/advisories/SVD-2024-0713
• https://advisory.splunk.com/advisories/SVD-2024-0714
• https://advisory.splunk.com/advisories/SVD-2024-0715
• https://advisory.splunk.com/advisories/SVD-2024-0716
• https://advisory.splunk.com/advisories/SVD-2024-0717
• https://advisory.splunk.com/advisories/SVD-2024-0718

---

Vulnerability Identifier

• CVE-2018-10237
• CVE-2020-8908
• CVE-2021-29425
• CVE-2022-36364
• CVE-2022-40896
• CVE-2022-40897
• CVE-2022-40898
• CVE-2022-40899
• CVE-2023-2976
• CVE-2023-5752
• CVE-2023-32681
• CVE-2023-34453
• CVE-2023-34454
• CVE-2023-34455
• CVE-2023-35116
• CVE-2023-37276
• CVE-2023-37920
• CVE-2023-39410
• CVE-2023-43642
• CVE-2023-43804
• CVE-2023-45803
• CVE-2023-47627
• CVE-2024-3651
• CVE-2024-36982
• CVE-2024-36983
• CVE-2024-36984
• CVE-2024-36985
• CVE-2024-36986
• CVE-2024-36987
• CVE-2024-36989
• CVE-2024-36990
• CVE-2024-36991
• CVE-2024-36992
• CVE-2024-36993
• CVE-2024-36994
• CVE-2024-36995
• CVE-2024-36996
• CVE-2024-36997

---

Source

• Splunk

---

Related Link

• https://advisory.splunk.com/advisories/SVD-2024-0701
• https://advisory.splunk.com/advisories/SVD-2024-0702
• https://advisory.splunk.com/advisories/SVD-2024-0703
• https://advisory.splunk.com/advisories/SVD-2024-0704
• https://advisory.splunk.com/advisories/SVD-2024-0705
• https://advisory.splunk.com/advisories/SVD-2024-0706
• https://advisory.splunk.com/advisories/SVD-2024-0707
• https://advisory.splunk.com/advisories/SVD-2024-0709
• https://advisory.splunk.com/advisories/SVD-2024-0710
• https://advisory.splunk.com/advisories/SVD-2024-0711
• https://advisory.splunk.com/advisories/SVD-2024-0712
• https://advisory.splunk.com/advisories/SVD-2024-0713
• https://advisory.splunk.com/advisories/SVD-2024-0714
• https://advisory.splunk.com/advisories/SVD-2024-0715
• https://advisory.splunk.com/advisories/SVD-2024-0716
• https://advisory.splunk.com/advisories/SVD-2024-0717
• https://advisory.splunk.com/advisories/SVD-2024-0718