PT-2024-7381 · Splunk · Splunk Cloud Platform, Splunk Enterprise

Author: Danylo Dmytriiev (+1)
Published: 2024-10-14 · Updated: 2024-10-17
CVE-2024-45740
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.3
Splunk Enterprise versions prior to 9.1.6
Splunk Cloud Platform versions prior to 9.2.2403
Description: A low-privileged user who holds neither the "admin" nor the "power" Splunk role could craft a malicious payload through Scheduled Views, potentially resulting in the execution of unauthorized JavaScript code in another user's browser. The root cause is insufficient neutralization of user-supplied input when the Splunk Web interface generates its pages, which could allow an authenticated remote attacker to perform cross-site scripting attacks.
Recommendations:
For Splunk Enterprise versions prior to 9.2.3, update to version 9.2.3 or later to resolve the issue.
For Splunk Enterprise versions prior to 9.1.6, update to version 9.1.6 or later to resolve the issue.
For Splunk Cloud Platform versions prior to 9.2.2403, update to version 9.2.2403 or later to resolve the issue.
As a temporary workaround, consider restricting access to Scheduled Views for low-privileged users until the patch is applied.

Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2024-08749
CVE-2024-45740

Affected Products

Splunk Cloud Platform
Splunk Enterprise