CVE-2024-36995: 
Splunk Enterprise vulnerability analysis and mitigation

CVE-2024-36995 is a security vulnerability discovered in Splunk Enterprise and Splunk Cloud Platform. The vulnerability was disclosed on July 1, 2024, affecting Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207. The issue allows low-privileged users without admin or power Splunk roles to create experimental items, representing a potential security risk (Splunk Advisory).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 base score of 3.5 LOW from NVD and 5.4 MEDIUM from Splunk Inc. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction (NVD).

The vulnerability affects the REST API component of both Splunk Enterprise and Splunk Cloud Platform. When exploited, it allows unauthorized users to create experimental items within the system, potentially compromising the system's security controls and authorization mechanisms (Splunk Advisory).

The recommended solution is to upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, or 9.0.10 or higher. For Splunk Cloud Platform, Splunk is performing upgrades on instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. No alternative workarounds are available (Splunk Advisory).