CVE-2024-36982
CVE-2024-36982 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Cloud | >= 9.1.2308, < 9.1.2308.207 |
| Splunk | Cloud | >= 9.1.2312.100, < 9.1.2312.109 |
| Splunk | Splunk | >= 9.0.0, < 9.0.10 |
| Splunk | Splunk | >= 9.1.0, < 9.1.5 |
| Splunk | Splunk | >= 9.2.0, < 9.2.2 |
References
- https://advisory.splunk.com/advisories/SVD-2024-0702 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
