Splunk Enterprise Windows RCE via Session Storage Misconfig Before 9.2.3/9.1.6
CVE-2024-45733 Published on October 14, 2024
Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-45733 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-45733
Want to know whenever a new CVE is published for Splunk? stack.watch will email you.
Affected Versions
Splunk Enterprise:- Version 9.2 and below 9.2.3 is affected.
- Version 9.1 and below 9.1.6 is affected.
- Version 9.1 and below 9.1.6 is affected.
- Version 9.2 and below 9.2.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.