CVE-2024-36983 HIGH

CVE-2024-36983: Command Injection using External Lookups

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-77
Published July 1, 2024
Last update February 28, 2025

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

Key dates

02Disclosure timeline

July 1, 2024 CVE published
February 28, 2025 Record updated