PT-2024-7159 · Splunk · Splunk Cloud Platform+2
Gabriel Nitu · Published 2024-10-14 · Updated 2024-10-16 · CVE-2024-45735
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.2.3
Splunk Enterprise versions prior to 9.1.6
Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.4.259
Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.6.17
Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.7.0
Description
The issue is related to insufficient access control to the Key Value Store (KV Store) in the Splunk Secure Gateway component of the Splunk Enterprise platform for operational analysis. This can allow a low-privileged user without the "admin" or "power" Splunk roles to view App Key Value Store deployment configuration and public/private keys in the Splunk Secure Gateway App. An attacker could exploit this to remotely delete data from the KV Store.
Recommendations
For Splunk Enterprise versions prior to 9.2.3, update to version 9.2.3 or later.
For Splunk Enterprise versions prior to 9.1.6, update to version 9.1.6 or later.
For Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.4.259, update to version 3.4.259 or later.
For Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.6.17, update to version 3.6.17 or later.
For Splunk Secure Gateway versions on Splunk Cloud Platform versions prior to 3.7.0, update to version 3.7.0 or later.
As a temporary workaround, consider restricting access to the KV Store to minimize the risk of exploitation.
Weakness Enumeration
Improper Access Control
Affected Products
Splunk Cloud Platform
Splunk Enterprise
Splunk Secure Gateway App