{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36997", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-05-30T16:36:21.002Z", "datePublished": "2024-07-01T16:57:47.904Z", "dateUpdated": "2024-10-30T15:06:11.331Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.2"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.5"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.10"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."}], "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0717"}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c"}], "title": "Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint", "datePublic": "2024-07-01T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1", "baseScore": 4.6, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", "cweId": "CWE-79"}]}], "source": {"advisory": "SVD-2024-0717"}, "credits": [{"lang": "en", "value": "ST\u00d6K / Fredrik Alexandersson"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-10-30T15:06:11.331Z"}}, "adp": [{"affected": [{"vendor": "splunk", "product": "splunk", "cpes": ["cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.2", "status": "affected", "lessThan": "9.2.2", "versionType": "custom"}, {"version": "9.1", "status": "affected", "lessThan": "9.1.5", "versionType": "custom"}, {"version": "9.0", "status": "affected", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "splunk", "product": "splunk_cloud_platform", "cpes": ["cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.1.2312", "status": "affected", "lessThan": "9.1.2312.100", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T14:17:17.349360Z", "id": "CVE-2024-36997", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T17:32:06.701Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.623Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0717", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0717", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.623Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36997", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-03T14:17:17.349360Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"], "vendor": "splunk", "product": "splunk", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"], "vendor": "splunk", "product": "splunk_cloud_platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.100", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T16:25:40.238Z"}}], "cna": {"title": "Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint", "source": {"advisory": "SVD-2024-0717"}, "credits": [{"lang": "en", "value": "ST\u00d6K / Fredrik Alexandersson"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.100", "versionType": "custom"}]}], "datePublic": "2024-07-01T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0717"}, {"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "cweId": "CWE-79", "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-10-14T16:45:55.740Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36997", "state": "PUBLISHED", "dateUpdated": "2024-10-15T17:32:06.701Z", "dateReserved": "2024-05-30T16:36:21.002Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-07-01T16:57:47.904Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador podr\u00eda almacenar y ejecutar c\u00f3digo JavaScript arbitrario en el contexto del navegador de otro usuario de Splunk a trav\u00e9s de conf-web/settings endpoint REST. Potencialmente, esto podr\u00eda provocar un exploit de cross-site scripting (XSS) persistente."}], "id": "CVE-2024-36997", "lastModified": "2024-10-15T18:35:14.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.8, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2024-07-01T17:15:09.143", "references": [{"source": "prodsec@splunk.com", "url": "https://advisory.splunk.com/advisories/SVD-2024-0717"}, {"source": "prodsec@splunk.com", "url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}

{}