Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform
CVE-2024-53246
7.5HIGH
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 10 December 2024
What is CVE-2024-53246?
A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that allows the disclosure of sensitive information through the exploitation of specific SPL commands. This risk could arise when another vulnerability, such as a Risky Commands Bypass, is present, enabling potential attackers to access confidential data inadvertently exposed through the affected versions.
Affected Version(s)
Splunk Cloud Platform 9.3.2408 < 9.3.2408.101
Splunk Cloud Platform 9.2.2406 < 9.2.2406.106
Splunk Cloud Platform 9.2.2403 < 9.2.2403.111