PT-2024-4748 · Splunk · Splunk Cloud Platform, Splunk Enterprise

Published: 2024-05-30 · Updated: 2024-10-10 · CVE-2024-36996

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Splunk Cloud Platform versions prior to 9.1.2312.109

Description: The issue is related to the implementation of the Security Assertion Markup Language (SAML) standard in Splunk Enterprise. An attacker could determine whether another user exists on the instance by deciphering the error response received when attempting to log in. This could lead to additional brute-force password-guessing attacks. The vulnerability requires the Splunk platform instance to use the SAML authentication scheme.
Recommendations: For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later. For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later. For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later. For Splunk Cloud Platform versions prior to 9.1.2312.109, update to version 9.1.2312.109 or later. As a temporary workaround, consider restricting access to the SAML authentication scheme until a patch is available.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2024-05269
CVE-2024-36996

Affected Products

Splunk Cloud Platform
Splunk Enterprise