CVE-2024-36991 — Vulnetix

CVE-2024-36991 PUBLISHED

Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

EPSS 93.62% · 99.8th percentile

Risk Scores

EPSS Score

93.62%

99.8th percentile

Affected Products

Vendor	Product	Versions
Splunk	Splunk Splunk Enterprise <9.0.10
Splunk	Splunk Splunk Enterprise <9.1.5
Debian	Debian Linux
Splunk	Splunk Splunk Enterprise <9.2.2

Exploit Intelligence

Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads (github-poc-repo)
Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. (github-poc-repo)
Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. (github-poc-repo)

…and 174 more exploits

Timeline

Jul 1, 2024 CVE Published
Jul 2, 2024 EPSS Score
Jul 9, 2024 PoC Published
Jul 24, 2024 EPSS Score
Sep 5, 2024 EPSS Score
Sep 29, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Oct 17, 2024 Coalition ESS Score
Nov 7, 2024 Coalition ESS Score
Nov 13, 2024 EPSS Score
Dec 6, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1494.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1494 advisory
https://advisory.splunk.com/advisories/SVD-2024-0701 advisory
https://advisory.splunk.com/advisories/SVD-2024-0702 advisory
https://advisory.splunk.com/advisories/SVD-2024-0703 advisory
https://advisory.splunk.com/advisories/SVD-2024-0704 advisory
https://advisory.splunk.com/advisories/SVD-2024-0705 advisory
https://advisory.splunk.com/advisories/SVD-2024-0706 advisory
https://advisory.splunk.com/advisories/SVD-2024-0707 advisory
https://advisory.splunk.com/advisories/SVD-2024-0708 advisory
https://advisory.splunk.com/advisories/SVD-2024-0709 advisory
https://advisory.splunk.com/advisories/SVD-2024-0710 advisory
https://advisory.splunk.com/advisories/SVD-2024-0711 advisory
https://advisory.splunk.com/advisories/SVD-2024-0712 advisory
https://advisory.splunk.com/advisories/SVD-2024-0713 advisory
https://advisory.splunk.com/advisories/SVD-2024-0714 advisory
https://advisory.splunk.com/advisories/SVD-2024-0715 advisory
https://advisory.splunk.com/advisories/SVD-2024-0716 advisory
https://advisory.splunk.com/advisories/SVD-2024-0717 advisory
https://lists.debian.org/debian-security-announce/2024/msg00205.html advisory

…and 2 more

Open in Interactive Console →

$ Console Community · 100/wk Open console ›