CVE-2024-45733 — Deserialization of Untrusted Data in Enterprise

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.8HIGHNVD

EPSS

4.1%

top 11.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Enterprise Splunk

Timeline

PublishedOct 14

Description

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5splunk/splunk_enterprise9.2 — 9.2.3+1

▶NVDsplunk/splunk9.1.0 — 9.1.6+1

🔴Vulnerability Details

CVEList

Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows↗2024-10-14

▶

GHSA

GHSA-f98v-q2j5-v4qc: In Splunk Enterprise for Windows versions below 9↗2024-10-14

▶