Splunk Patches High-Severity Vulnerabilities in Enterprise Product

02-July-24

Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three high-severity remote code execution (RCE) flaws require authentication: CVE-2024-36985 affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x and can be mitigated by disabling the ‘splunk_archiver’ application; CVE-2024-36984 impacts Splunk Enterprise for Windows, allowing code execution via a crafted query; and a third RCE involves a vulnerable ReportLab Toolkit in the dashboard PDF generation component. Additionally, a high-severity command injection flaw can be exploited using the deprecated ‘runshellscript’ command. Other fixes address path traversal and denial-of-service issues, with remaining patches for medium-severity flaws. None of these vulnerabilities are reported to have been exploited in the wild. More details are available on Splunk’s security advisories page.








