Splunk has released a comprehensive set of security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform. These updates include fixes for several Splunk vulnerabilities, including high-severity issues, emphasizing the critical nature of maintaining robust cybersecurity practices in enterprise environments.
Among the latest updates, the Splunk vulnerability CVE-2024-36985, a remote code execution (RCE) flaw reachable through the External Lookup mechanism in Splunk Enterprise, is one of the most critical.
This vulnerability affects versions prior to 9.0.10, 9.1.5, and 9.2.2. Attackers exploiting this flaw can execute arbitrary commands by leveraging the “copybuckets.py” script within the “splunk_archiver” application. This issue highlights the importance of upgrading to the latest Splunk versions promptly or temporarily disabling the affected application to mitigate risks.
Another significant vulnerability, CVE-2024-36984, allows authenticated users in Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows to execute arbitrary code through a serialized session payload. This exploit occurs when untrusted data is serialized via the collect SPL command, enabling attackers to execute malicious code within the payload.
“Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. If the Splunk Enterprise instance disabled splunk_archiver, there is no impact and the severity is Informational”, says Splunk.
Splunk has advised users to update their installations to the latest versions to protect against these vulnerabilities effectively. Additionally, mitigating actions such as disabling the “splunk_archiver” application can provide interim protection until updates can be applied. The company emphasizes the importance of proactive security practices and prompt patch management to safeguard enterprise data and infrastructure.
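The following is an added example, not code from Splunk or from the article, that turns the advisory's two mitigation conditions into a defender-side check: it compares a Splunk Enterprise version against the fixed releases named above (9.0.10, 9.1.5, 9.2.2) and reads the `splunk_archiver` app's `app.conf` to see whether the app is disabled. It assumes the standard `[install]` / `state = disabled` convention of Splunk's `app.conf`, treats release branches older than 9.0 as affected and branches newer than 9.2 as fixed (an assumption the article does not spell out), and uses a constructed `app.conf` fragment as input.

```python
from configparser import ConfigParser

# Fixed versions per release branch, as stated in the advisory for CVE-2024-36985.
FIXED = {(9, 0): (9, 0, 10), (9, 1): (9, 1, 5), (9, 2): (9, 2, 2)}

STATUS_FIXED = "not affected: running a fixed version"
STATUS_MITIGATED = "mitigated: splunk_archiver is disabled (Informational per Splunk)"
STATUS_AFFECTED = "AFFECTED: upgrade, or disable splunk_archiver until you can"


def parse_version(text):
    """Turn '9.2.1' into (9, 2, 1); missing components are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected_version(version):
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Assumption: anything below the 9.0 branch predates every fix; anything
    # above the 9.2 branch already carries it.
    return v < FIXED[(9, 0)]


def archiver_enabled(app_conf_text):
    """Read app.conf text; a missing [install]/state means the app is enabled."""
    cp = ConfigParser(interpolation=None)
    cp.read_string(app_conf_text)
    return cp.get("install", "state", fallback="enabled").strip().lower() != "disabled"


def assess(version, app_conf_text):
    if not is_affected_version(version):
        return STATUS_FIXED
    if not archiver_enabled(app_conf_text):
        return STATUS_MITIGATED
    return STATUS_AFFECTED


if __name__ == "__main__":
    # Constructed sample: a 9.2.x host that has not yet upgraded and still has the app on.
    sample_conf = "[install]\nstate = enabled\n\n[ui]\nis_visible = 0\n"
    print(assess("9.2.1", sample_conf))
```

On a real host the `app.conf` text would come from `etc/apps/splunk_archiver/local/app.conf` (falling back to `default/app.conf`) and the version from `splunk version`.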
In addition to the critical vulnerabilities mentioned, Splunk’s security updates also cover issues such as persistent cross-site scripting (XSS) in various endpoints, command injection, denial of service (DoS), and insecure file uploads. Each issue is addressed with specific patches or mitigation recommendations tailored to enhance system security.
While Splunk has not reported active exploitation of these vulnerabilities in the wild, the proactive release of security updates underscores their commitment to maintaining the integrity and security of their platforms. Users are strongly encouraged to implement these updates and follow recommended security practices to mitigate potential risks effectively.
Stay informed and prioritize cybersecurity measures to safeguard your Splunk deployments against emerging threats and vulnerabilities. Regular updates and vigilance are key to maintaining a secure environment in the cybersecurity domain.