Vulnerabilities > CVE-2024-45733 - Deserialization of Untrusted Data vulnerability in Splunk

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

splunk

CWE-502

NVD

Published: 2024-10-14

Updated: 2024-10-16

Summary

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.1.0 Splunk Splunk 9.1.0.1 Splunk Splunk 9.1.0.2 Splunk Splunk 9.1.1 Splunk Splunk 9.1.2 Splunk Splunk 9.1.3 Splunk Splunk *	7
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://advisory.splunk.com/advisories/SVD-2024-1003
https://research.splunk.com/application/c97e0704-d9c6-454d-89ba-1510a987bf72/