CVE-2024-36991 Information

Description

In Splunk Enterprise on Windows versions below 9.2.2 9.1.5 and 9.0.10 an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Reference

https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa