CVE-2024-36991

Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows

CVSS 7.5 HIGHEPSS 13.1%CWE-35

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Splunk · Splunk Enterprise

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa