CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-45736

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.4%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2024-45736

Splunk » Splunk » Version: 9.1.0

cpe:2.3:a:splunk:splunk:9.1.0
Splunk » Splunk » Version: 9.1.0.1

cpe:2.3:a:splunk:splunk:9.1.0.1
Splunk » Splunk » Version: 9.1.0.2

cpe:2.3:a:splunk:splunk:9.1.0.2
Splunk » Splunk » Version: 9.1.1

cpe:2.3:a:splunk:splunk:9.1.1
Splunk » Splunk » Version: 9.1.2

cpe:2.3:a:splunk:splunk:9.1.2
Splunk » Splunk » Version: 9.1.3

cpe:2.3:a:splunk:splunk:9.1.3
Splunk » Splunk » Version: 9.1.4

cpe:2.3:a:splunk:splunk:9.1.4
Splunk » Splunk » Version: 9.1.5

cpe:2.3:a:splunk:splunk:9.1.5
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk » Version: 9.2.2

cpe:2.3:a:splunk:splunk:9.2.2
Splunk » Splunk » Version: 9.3.0

cpe:2.3:a:splunk:splunk:9.3.0
Splunk » Splunk Cloud Platform » Version: Any

cpe:2.3:a:splunk:splunk_cloud_platform:*
Splunk » Splunk Cloud Platform » Version: 9.1.2312

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312
Splunk » Splunk Cloud Platform » Version: 9.1.2312.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.100
Splunk » Splunk Cloud Platform » Version: 9.1.2312.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.108
Splunk » Splunk Cloud Platform » Version: 9.1.2312.109

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.109
Splunk » Splunk Cloud Platform » Version: 9.2.2403.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.100

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-45736

Products

Pricing

Contact Us