Splunk Enterprise <=9.2.1 Windows RCE via query serialization
CVE-2024-36984 Published on July 1, 2024
Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-36984 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-36984
Want to know whenever a new CVE is published for Splunk? stack.watch will email you.
Affected Versions
Splunk Enterprise:- Version 9.2 and below 9.2.2 is affected.
- Version 9.1 and below 9.1.5 is affected.
- Version 9.0 and below 9.0.10 is affected.
- Version 9.0 and below 9.0.10 is affected.
- Version 9.1 and below 9.1.5 is affected.
- Version 9.2 and below 9.2.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.