Executive Summary

Information
Name: CVE-2024-36986
First vendor Publication: 2024-07-01
Vendor: Cve
Last vendor Modification: 2024-11-21

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Overall CVSS Score: 5.7
Base Score: 5.7
Environmental Score: 5.7
Impact Sub Score: 3.6
Temporal Score: 5.7
Exploitability Sub Score: 2.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Security-Database Scoring CVSS v2

CVSS vector:
CVSS Base Score: N/A
Attack Range: N/A
CVSS Impact Score: N/A
Attack Complexity: N/A
CVSS Exploit Score: N/A
Authentication: N/A

Detail

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36986

CPE : Common Platform Enumeration

Type: Application, Count: 1
Type: Application, Count: 190

Sources (Detail)

https://advisory.splunk.com/advisories/SVD-2024-0706
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

Alert History

  • 2024-11-25 09:24:20: Multiple Updates
  • 2024-08-02 21:27:39: Multiple Updates
  • 2024-07-02 17:27:26: Multiple Updates
  • 2024-07-01 21:27:22: First insertion