CVE-2024-45733

Summary

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.2 < 9.2.3affected
SplunkSplunk Enterprise9.1 < 9.1.6affected

Weaknesses

  • CWE-502: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References