CVE-2024-53246

Published Dec 10, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
Source
prodsec@splunk.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
3.6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

prodsec@splunk.com
CWE-319

Social media

Hype score
Not currently trending

  1. CVE-2024-53246 Sensitive Data Exposure in Splunk via Exploitable SPL Command In Splunk Enterprise versions older than 9.3.2, 9.2.4, and 9.1.7, and in Splunk Cloud Platform versions before 9.3.2408.101, 9.2.2406.1... https://t.co/APIn1Qq5jg

    @VulmonFeeds

    10 Dec 2024

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References