CVE-2024-36997

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.

CVSS v3.0 8.1 HIGH

8.1^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.7 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0717	Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2024-0717	Vendor Advisory
https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c	Tool Signature
https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c	Tool Signature

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

07 Mar 2025, 16:48

Type	Values Removed	Values Added
References	~~() https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c -~~	() https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c - Tool Signature
References	~~() https://advisory.splunk.com/advisories/SVD-2024-0717 -~~	() https://advisory.splunk.com/advisories/SVD-2024-0717 - Vendor Advisory
CPE		cpe:2.3:a:splunk:splunk_cloud_platform:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*
First Time		Splunk Splunk splunk Cloud Platform Splunk splunk
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CWE		CWE-79

01 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 17:15

Updated : 2025-03-07 17:20

NVD link : CVE-2024-36997

Mitre link : CVE-2024-36997

JSON object : View

Products Affected

splunk

splunk
splunk_cloud_platform

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0717", "name": "https://advisory.splunk.com/advisories/SVD-2024-0717", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://advisory.splunk.com/advisories/SVD-2024-0717", "name": "https://advisory.splunk.com/advisories/SVD-2024-0717", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "name": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "tags": ["Tool Signature"], "refsource": ""}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "name": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "tags": ["Tool Signature"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-36997", "ASSIGNER": "prodsec@splunk.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.7}}, "publishedDate": "2024-07-01T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1.2312.100", "versionStartIncluding": "9.1.2312"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-07T17:20Z"}