CVE-2024-53246

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Cloud Platform versions prior to 9.3.2408.101 Splunk Cloud Platform versions prior to 9.2.2406.106 Splunk Cloud Platform versions prior to 9.2.2403.111 Splunk Cloud Platform versions prior to 9.1.2312.206

Description The issue is related to the transmission of data in an open manner, potentially allowing a remote attacker to disclose protected information. In Splunk Enterprise and Splunk Cloud Platform, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability for successful exploitation.

Recommendations For Splunk Enterprise versions prior to 9.3.2, update to version 9.3.2 or later. For Splunk Enterprise versions prior to 9.2.4, update to version 9.2.4 or later. For Splunk Enterprise versions prior to 9.1.7, update to version 9.1.7 or later. For Splunk Cloud Platform versions prior to 9.3.2408.101, update to version 9.3.2408.101 or later. For Splunk Cloud Platform versions prior to 9.2.2406.106, update to version 9.2.2406.106 or later. For Splunk Cloud Platform versions prior to 9.2.2403.111, update to version 9.2.2403.111 or later. For Splunk Cloud Platform versions prior to 9.1.2312.206, update to version 9.1.2312.206 or later.