In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user who does not hold the admin or power Splunk roles could cause remote code execution through an external lookup that references the "splunk_archiver" application.
https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html
https://www.securityweek.com/splunk-patches-high-severity-vulnerabilities-in-enterprise-product/
https://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131
https://advisory.splunk.com/advisories/SVD-2024-0705
Source: Mitre, NVD
Published: 2024-07-01
Updated: 2025-03-07
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.06085