CVE-2024-36996
Information Disclosure of user names
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podría determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibirían de la instancia cuando intenten iniciar sesión. Esta divulgación podría dar lugar a ataques adicionales de fuerza bruta para adivinar contraseñas. Esta vulnerabilidad requeriría que la instancia de la plataforma Splunk utilice el esquema de autenticación Security Assertion Markup Language (SAML).
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-30 CVE Reserved
- 2024-07-01 CVE Published
- 2024-08-03 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-204: Observable Response Discrepancy
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://advisory.splunk.com/advisories/SVD-2024-0716 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.2.0 < 9.2.2 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.2.0 < 9.2.2" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.1.0 < 9.1.5 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.1.0 < 9.1.5" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.0.0 < 9.0.10 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.0.0 < 9.0.10" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Cloud Platform Search vendor "Splunk" for product "Splunk Cloud Platform" | >= 9.1.2312.0 < 9.1.2312.109 Search vendor "Splunk" for product "Splunk Cloud Platform" and version " >= 9.1.2312.0 < 9.1.2312.109" | en |
Affected
|