"Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities"

Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems. Splunk noted that the most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without "admin" or "power" Splunk roles to execute code remotely. According to Splunk, only instances running on Windows machines are affected by this vulnerability. Instances that do not run Splunk Web are not impacted either. Splunk Enterprise versions 9.2.3 and 9.1.6 resolve this vulnerability, along with CVE-2024-45731 (CVSS score of 8.0), an arbitrary file write defect leading to remote code execution. Splunk Enterprise version 9.3.1 also includes patches for this bug.

On Monday, Splunk also announced fixes for CVE-2024-45732, a high-severity information disclosure flaw in Splunk Enterprise and Splunk Cloud Platform that could allow a low-privileged user to run a search as the "nobody" Splunk role and access potentially restricted data. Patches were included in Splunk Enterprise versions 9.3.1 and 9.2.3 and in Splunk Cloud Platform versions 9.2.2403.103, 9.1.2312.110, 9.1.2312.200, and 9.1.2308.208.

The latest Splunk Enterprise releases also fix dozens of vulnerabilities in third-party packages used in the product. Patches were also announced for eight medium-severity flaws in Splunk Enterprise that could lead to the execution of JavaScript code, the exposure of plaintext passwords and other configuration settings, unauthorized modifications to settings, Splunk daemon crashes, and the exposure of public/private keys and other data.

 

SecurityWeek reports: "Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities"

Submitted by Adam Ekwall on