Severity Level: High
Title:
Security Updates – Splunk Products
Timestamp:
Tuesday July 5, 2024
Summary:
Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful exploitation.
Remote Code Execution (RCE):
• CVE-2024-36985 (Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x) - Exploitable by a low-privileged user; mitigated by disabling the 'splunk_archiver' application. Patched in versions 9.2.2, 9.1.5, and 9.0.10.
• CVE-2024-36984 (Splunk Enterprise for Windows) - Requires use of the 'collect' SPL command.
• Dashboard PDF generation (Enterprise & Cloud Platform) - Due to the vulnerable ReportLab Toolkit library (v3.6.1).
Fixed Versions:
• Splunk Enterprise versions 9.2.2, 9.1.5, and 9.0.10, or higher.
Recommendations:
It is recommended to apply the security updates recently released by Splunk.
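A fleet triage helper for the fixed versions and the CVE-2024-36985 mitigation listed above, as an added example that is not part of the original advisory or Splunk's own tooling. The host names, sample versions and function names are constructed; it assumes the 'splunk_archiver' app is disabled through `state = disabled` in the `[install]` stanza of its app.conf and that the merged app.conf text is passed in.

```python
import re

# Fixed release per affected branch, taken from the advisory text.
FIXED = {(9, 2): 2, (9, 1): 5, (9, 0): 10}

def classify(version):
    """Return 'patched', 'vulnerable' or 'review' for a Splunk Enterprise version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", version.strip())
    if not m:
        return "review"  # unparseable string: needs a manual look
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return "patched" if patch >= FIXED[(major, minor)] else "vulnerable"
    # Assumption: newer branches count as "or higher"; older ones need review.
    return "patched" if (major, minor) > max(FIXED) else "review"

def archiver_disabled(app_conf_text):
    """True if the app.conf text sets 'state = disabled' under [install]."""
    stanza, state = None, "enabled"
    for raw in app_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
        elif stanza == "install" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "state":
                state = value.lower()
    return state == "disabled"

def triage(inventory):
    """Map host -> status for (host, version, splunk_archiver app.conf or None)."""
    report = {}
    for host, version, conf in inventory:
        status = classify(version)
        if status == "vulnerable" and conf and archiver_disabled(conf):
            status = "vulnerable, CVE-2024-36985 mitigated"
        report[host] = status
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("idx01", "9.2.1", "[install]\nstate = disabled\n"),
    ("sh01", "9.1.4", "[install]\nstate = enabled\n"),
    ("hf01", "9.0.10", None),
    ("old01", "8.2.12", None),
]
print(triage(SAMPLE))
```

A host reported as mitigated still needs the update, since disabling 'splunk_archiver' addresses only CVE-2024-36985.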