CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53243 – Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
https://notcve.org/view.php?id=CVE-2024-53243
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. • https://advisory.splunk.com/advisories/SVD-2024-1201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53247 – Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app
https://notcve.org/view.php?id=CVE-2024-53247
10 Dec 2024 — In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk rol... • https://advisory.splunk.com/advisories/SVD-2024-1205 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45735 – Improper Access Control for low-privileged user in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2024-45735
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. • https://advisory.splunk.com/advisories/SVD-2024-1005 • CWE-284: Improper Access Control •