CVE-2024-53246

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.

Published: Dec 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-53246
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
splunk / splunk	9.1.0	9.1.7
splunk / splunk	9.2.0	9.2.4
splunk / splunk	9.3.0	9.3.2
splunk / splunk_cloud_platform	9.1.2312	9.1.2312.206
splunk / splunk_cloud_platform	9.2.2403	9.2.2403.111
splunk / splunk_cloud_platform	9.2.2406	9.2.2406.106
splunk / splunk_cloud_platform	9.3.2408	9.3.2408.101

https://advisory.splunk.com/advisories/SVD-2024-1204

Vulnerability Database

289,599

CVE-2024-53246