|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-07-10 | |
| Rule Name: | Splunk Enterprise Arbitrary File Read Vulnerability (CVE-2024-36991) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |
| Impact: | An attacker could exploit this vulnerability to read arbitrary files in the system, which may lead to the disclosure of sensitive information and further system attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://advisory.splunk.com/advisories/SVD-2024-0711 |