In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-07-01T16:30:44.270Z
Updated: 2024-12-10T18:00:48.580Z
Reserved: 2024-05-30T16:36:20.999Z
Link: CVE-2024-36984
Vulnrichment
Updated: 2024-08-02T03:43:50.601Z
NVD
Status : Awaiting Analysis
Published: 2024-07-01T17:15:06.480
Modified: 2024-11-21T09:22:58.517
Link: CVE-2024-36984
Redhat
No data.