Synthesis
Splunk has released security updates to fix some vulnerabilities, including 4 with “high” severity, in the popular Enterprise and Cloud Platform network traffic analysis products.
Risk
Estimated impact of vulnerability on the reference community: HIGH/ORANGE (65.12/100)1.
Type
- Remote Code Execution
- Arbitrary File Read
Affected products and versions
Splunk
- Enterprise 9.0.x, versions prior to 9.0.10
- Enterprise 9.1.x, versions prior to 9.1.5
- Enterprise 9.2.x, versions prior to 9.2.2
- Cloud Platform 9.1.2308.x, versions prior to 9.1.2308.207
- Cloud Platform 9.1.2312.x, from version 9.1.2312.100 to 9.1.2312.108
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the available mitigations following the instructions in the security bulletin in the References section.
Unique vulnerability identifiers – updated 07/04/2024
Below are the only CVEs relating to vulnerabilities with “high” severity:
References
https://advisory.splunk.com//advisories/SVD-2024-0704
https://advisory.splunk.com//advisories/SVD-2024-0705
https://advisory.splunk.com//advisories/SVD-2024-0703
https://advisory.splunk.com//advisories/SVD-2024-0711
https://advisory.splunk.com/?301=/en_us/product-security.html
1This estimate is carried out taking into account various parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
