In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-07-01T16:30:44.270Z

Updated: 2024-12-10T18:00:48.580Z

Reserved: 2024-05-30T16:36:20.999Z

Link: CVE-2024-36984

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:50.601Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-01T17:15:06.480

Modified: 2024-11-21T09:22:58.517

Link: CVE-2024-36984

cve-icon Redhat

No data.