CVE-2024-45738

Summary

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the _internal index. This exposure could happen if you configure the Splunk Enterprise REST_Calls log channel at the DEBUG logging level.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.3 < 9.3.1affected
SplunkSplunk Enterprise9.2 < 9.2.3affected
SplunkSplunk Enterprise9.1 < 9.1.6affected

Weaknesses

  • CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References