Splunk Enterprise DoS via datamodel/web REST (pre-9.2.2/9.1.5/9.0.10 & Cloud <9.2.2403.100)
CVE-2024-36990 Published on July 1, 2024
Denial of Service (DoS) on the datamodel/web REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
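The practical detection question this raises is: which authenticated, non-admin users are POSTing to datamodel/web, and how often? The following is an added example (not Splunk's code and not from the advisory) that scans access-log lines for exactly that pattern. It assumes the log format mimics Splunk's splunkd_access.log, that the endpoint appears under a /datamodel/web path segment (the full REST path prefix is an assumption), and that user-to-role membership is supplied from a separate lookup, since the access log itself does not carry roles. The log lines and role map are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the style of splunkd_access.log (assumption:
# "clientip - user [timestamp] \"METHOD uri HTTP/1.1\" status bytes ...").
# None of these come from a real incident.
SAMPLE_LOG = """\
10.0.0.5 - analyst [01/Jul/2024:10:00:01.000 +0000] "POST /servicesNS/nobody/search/datamodel/web HTTP/1.1" 200 512 - - - 8ms
10.0.0.5 - analyst [01/Jul/2024:10:00:02.000 +0000] "POST /servicesNS/nobody/search/datamodel/web HTTP/1.1" 200 512 - - - 9ms
10.0.0.9 - admin [01/Jul/2024:10:00:03.000 +0000] "POST /servicesNS/nobody/search/datamodel/web HTTP/1.1" 200 512 - - - 7ms
10.0.0.5 - analyst [01/Jul/2024:10:00:04.000 +0000] "GET /servicesNS/nobody/search/datamodel/web?output_mode=json HTTP/1.1" 200 2048 - - - 3ms
10.0.0.7 - intern [01/Jul/2024:10:00:05.000 +0000] "POST /servicesNS/nobody/search/datamodel/web?output_mode=json HTTP/1.1" 500 0 - - - 31000ms
10.0.0.7 - intern [01/Jul/2024:10:00:06.000 +0000] "POST /services/search/jobs HTTP/1.1" 201 128 - - - 12ms
"""

# Constructed user -> roles mapping (assumption). In a real deployment this
# would be pulled from the authentication/users REST endpoint or a lookup.
USER_ROLES = {
    "admin": {"admin"},
    "analyst": {"user"},
    "intern": {"user"},
}

# The advisory scopes the issue to users without these roles.
PRIVILEGED_ROLES = {"admin", "power"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["uri"].split("?", 1)[0]   # drop the query string
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious_posts(log_text, user_roles=USER_ROLES):
    """Return POST requests to a datamodel/web path made by users who hold
    neither the admin nor the power role."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or "/datamodel/web" not in rec["path"]:
            continue
        if user_roles.get(rec["user"], set()) & PRIVILEGED_ROLES:
            continue  # admin/power users are outside the advisory's scope
        hits.append(rec)
    return hits


def summarize(hits):
    """Count flagged requests per (user, source IP) to spot repeated callers."""
    return Counter((h["user"], h["ip"]) for h in hits)


if __name__ == "__main__":
    hits = find_suspicious_posts(SAMPLE_LOG)
    for (user, ip), n in summarize(hits).items():
        print(f"{user}@{ip}: {n} POST(s) to datamodel/web")
```

The GET request and the admin's POST are deliberately not flagged, and the intern's request with a 500 status and a 31 s duration is the kind of entry worth correlating with splunkd CPU usage at the same timestamp.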
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2024-36990 is classified as an Infinite Loop weakness (CWE-835); here the loop is influenced by the body of an authenticated user's POST request.
Products Associated with CVE-2024-36990
Splunk Enterprise and Splunk Cloud Platform.
Affected Versions
Splunk Enterprise:
- 9.2 releases below 9.2.2 are affected (fixed in 9.2.2).
- 9.1 releases below 9.1.5 are affected (fixed in 9.1.5).
- 9.0 releases below 9.0.10 are affected (fixed in 9.0.10).
Splunk Cloud Platform (the four-part version format identifies these as Cloud Platform releases):
- 9.2.2403 releases below 9.2.2403.100 are affected.
- 9.1.2312 releases below 9.1.2312.202 are affected.
- 9.1.2312 releases below 9.1.2312.109 are affected.
- 9.1.2308 releases below 9.1.2308.209 are affected.
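Turning the version ranges above into an inventory check is where mistakes usually happen (comparing versions as strings, or forgetting that a fix only applies within its own branch). The following is an added example written for this page, not a Splunk or stack.watch tool. It encodes the ranges listed here as (product, branch, first fixed version) tuples and compares numerically per branch. The two 9.1.2312 entries are treated as a union, the conservative reading, and versions on a branch the page does not list are reported as "not listed" rather than "fixed", because the page says nothing about them.

```python
import re

# Ranges as listed on this page: (product, branch prefix, first fixed version).
AFFECTED = [
    ("Splunk Enterprise", "9.2", "9.2.2"),
    ("Splunk Enterprise", "9.1", "9.1.5"),
    ("Splunk Enterprise", "9.0", "9.0.10"),
    ("Splunk Cloud Platform", "9.2.2403", "9.2.2403.100"),
    ("Splunk Cloud Platform", "9.1.2312", "9.1.2312.202"),
    ("Splunk Cloud Platform", "9.1.2312", "9.1.2312.109"),
    ("Splunk Cloud Platform", "9.1.2308", "9.1.2308.209"),
]


def parse_version(text):
    """Turn '9.1.2312.108' into (9, 1, 2312, 108) so comparisons are numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def on_branch(version, branch):
    """True if the version's leading components equal the branch prefix."""
    return version[: len(branch)] == branch


def status(product, version_text):
    """Return 'affected', 'fixed', or 'not listed' for a product version.

    'fixed' means the version sits on a listed branch at or above every fixed
    version for that branch; 'not listed' means this page gives no range for
    that branch, so no conclusion is drawn from it.
    """
    version = parse_version(version_text)
    seen_branch = False
    for prod, branch, fixed in AFFECTED:
        if prod != product or not on_branch(version, parse_version(branch)):
            continue
        seen_branch = True
        if version < parse_version(fixed):
            return "affected"
    return "fixed" if seen_branch else "not listed"


if __name__ == "__main__":
    # Constructed inventory for demonstration.
    inventory = [
        ("Splunk Enterprise", "9.2.1"),
        ("Splunk Enterprise", "9.0.10"),
        ("Splunk Enterprise", "9.3.0"),
        ("Splunk Cloud Platform", "9.1.2312.108"),
        ("Splunk Cloud Platform", "9.2.2403.100"),
    ]
    for product, version in inventory:
        print(f"{product} {version}: {status(product, version)}")
```

On a Splunk Enterprise host the installed version comes from `splunk version` on the command line or the `version` field of the server/info REST endpoint; feed that string to `status()` with the matching product name.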
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.