CVE-2024-53246

MEDIUM

Splunk < 9.1.7 - Cleartext Transmission

Title source: rule

Description

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.

References (1)

[Vendor Advisory] https://advisory.splunk.com/advisories/SVD-2024-1204

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

splunk/splunk 9.1.0 - 9.1.7

splunk/splunk_cloud_platform 9.1.2312 - 9.1.2312.206

Published Dec 10, 2024

Tracked Since Feb 18, 2026