CVE-2024-36994: 
Splunk Enterprise vulnerability analysis and mitigation

CVE-2024-36994 is a Cross-site Scripting (XSS) vulnerability affecting Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207. The vulnerability was discovered and disclosed on July 1, 2024, allowing low-privileged users without admin or power roles to craft malicious payloads through View and Splunk Web Bulletin Messages, potentially leading to unauthorized JavaScript code execution in users' browsers (Splunk Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSSv3.1 score of 5.4 (Medium). The vulnerability stems from improper validation of the 'ping' URL attribute and the 'url' parameter, which are not properly escaped, potentially leading to Stored Cross-site Scripting (XSS) exploits (Splunk Advisory).

When exploited, this vulnerability allows attackers to execute unauthorized JavaScript code in the browser context of other users. The impact is rated as medium severity with partial confidentiality and integrity impacts, though no availability impact has been identified (Splunk Advisory).

The primary mitigation is to upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10 or higher. For Splunk Cloud Platform, Splunk is performing upgrades as part of Routine Maintenance. As a workaround, organizations can disable Splunk Web, though this may impact functionality. Splunk is actively monitoring for potential exploitation of this vulnerability (Splunk Advisory).