Splunk Product Security Update Advisory (CVE-2024-36991)

Overview

Splunk (https://www.splunk.com/) has released a security update that fixes vulnerabilities in products supplied by Splunk. Users of affected products are advised to update to the latest version.

Affected Products

Splunk Enterprise versions: 9.2.0 (inclusive) ~ 9.2.1 (inclusive)
Splunk Enterprise versions: 9.1.0 (inclusive) ~ 9.1.4 (inclusive)
Splunk Enterprise versions: 9.0.0 (inclusive) ~ 9.0.9 (inclusive)

Resolved Vulnerabilities

Path traversal vulnerability in the “/modules/messaging/” endpoint of Splunk Enterprise on Windows that attackers can exploit (CVE-2024-36991)

Vulnerability Patches

Vulnerability patches for the product were made available in the 07/01/2024 update. Please follow the instructions on the Referenced Sites to update to the latest version.

Splunk Enterprise version: 9.2.2
Splunk Enterprise version: 9.1.5
Splunk Enterprise version: 9.0.10
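
The following is an added example, not part of the Splunk advisory: a small inventory triage that checks hosts against the affected ranges and fixed versions listed above. It compares versions numerically, because a plain string comparison would wrongly sort 9.0.10 before 9.0.9. The hostnames, OS strings, status labels and function names are constructed for illustration.

```python
import re

# (first affected, last affected, fixed release), copied from this advisory.
AFFECTED = [
    ((9, 2, 0), (9, 2, 1), "9.2.2"),
    ((9, 1, 0), (9, 1, 4), "9.1.5"),
    ((9, 0, 0), (9, 0, 9), "9.0.10"),
]

def parse_version(text):
    """Return (major, minor, patch) from '9.1.4' or 'Splunk 9.0.10 (build ...)'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text, os_name):
    """Classify one host; returns (status, fixed_version_or_None)."""
    version = parse_version(version_text)
    for first, last, fixed in AFFECTED:
        if first <= version <= last:  # tuple comparison is numeric per component
            # The advisory describes the flaw as affecting Splunk Enterprise on Windows.
            if os_name.strip().lower().startswith("windows"):
                return ("vulnerable", fixed)
            return ("in-range-not-windows", fixed)
    return ("not-listed", None)  # outside the ranges this advisory lists

# Constructed inventory: hostnames, versions and OS strings are made up.
INVENTORY = [
    ("idx01", "9.0.9", "Windows Server 2019"),
    ("idx02", "9.0.10", "Windows Server 2019"),
    ("sh01", "Splunk 9.1.4 (build placeholder)", "Windows Server 2022"),
    ("sh02", "9.2.1", "Ubuntu 22.04"),
    ("hf01", "9.2.2", "Windows Server 2022"),
]

def report(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver, os_name) for host, ver, os_name in inventory}

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f", update to {fixed}" if fixed else ""))
```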

Referenced Sites

[1] CVE-2024-36991 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-36991

[2] Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows

https://advisory.splunk.com/advisories/SVD-2024-0711