CVE-2024-45741

MEDIUM EPSS 95.8%

Published Oct 14, 20241y ago · Modified Jun 17, 20261w ago

5.4 CVSS 3.1

Medium

Published Oct 14, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS Details

Base Score

5.4

Exploitability

2.3

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

95.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 4

Vendor	Product	Version	Range
splunk	splunk	*	≥9.1.0 – <9.1.6
splunk	splunk	*	≥9.2.0 – <9.2.3
splunk	splunk_cloud_platform	*	≥9.1.2312 – <9.1.2312.205
splunk	splunk_cloud_platform	*	≥9.2.2403.100 – <9.2.2403.108

References 2

advisory.splunk.com https://advisory.splunk.com/advisories/SVD-2024-1011

Vendor Advisory
research.splunk.com https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.