Vulnerabilities > CVE-2024-36995 - Missing Authorization vulnerability in Splunk and Splunk Cloud Platform

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

splunk

CWE-862

NVD

Published: 2024-07-01

Updated: 2024-08-02

Summary

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.0.0 Splunk Splunk 9.0.3 Splunk Splunk 9.0.4 Splunk Splunk 9.0.6 Splunk Splunk 9.0.7 Splunk Splunk 9.1.0 Splunk Splunk 9.1.0.1 Splunk Splunk 9.1.0.2 Splunk Splunk 9.1.1 Splunk Splunk 9.1.2 Splunk Splunk 9.1.3 Splunk Splunk * Splunk Splunk Cloud Platform *	13

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References