CVE-2024-36996: Observable Response Discrepancy in Cloud Platform

Severity
5.3 MEDIUM (NVD)
EPSS
0.4%
top 37.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 1

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Langua

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

Source      Package                        Affected from   Fixed in
CVEListV5   splunk/splunk_cloud_platform   9.1.2312        9.1.2312.109
NVD         splunk/splunk_cloud_platform   9.1.2312        9.1.2312.109
CVEListV5   splunk/splunk_enterprise       9.2             9.2.2 (+2 more ranges)
NVD         splunk/splunk                  9.1.0           9.1.5 (+2 more ranges)

🔴 Vulnerability Details (2 references)

GHSA: GHSA-jgc6-c9v8-vfqw: In Splunk Enterprise versions below 9 (2024-07-01)
CVEList: Information Disclosure of user names (2024-07-01)
CVE-2024-36996 — Observable Response Discrepancy | cvebase