FKIE_CVE-2024-36996

Vulnerability from fkie_nvd - Published: 2024-07-01 17:15 - Updated: 2024-11-21 09:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
References
prodsec@splunk.comhttps://advisory.splunk.com/advisories/SVD-2024-0716Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.splunk.com/advisories/SVD-2024-0716Vendor Advisory
Impacted products
Vendor Product Version
splunk splunk *
splunk splunk *
splunk splunk *
splunk splunk_cloud_platform *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1E1312EB-AB0A-4E4B-9801-D12BFCD44702",
              "versionEndIncluding": "9.0.10",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE",
              "versionEndExcluding": "9.1.5",
              "versionStartIncluding": "9.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3",
              "versionEndExcluding": "9.2.2",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E66C0D-BD3A-46CE-9578-068401F094C0",
              "versionEndExcluding": "9.1.2312.109",
              "versionStartIncluding": "9.1.2312",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme."
    },
    {
      "lang": "es",
      "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podr\u00eda determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibir\u00edan de la instancia cuando intenten iniciar sesi\u00f3n. Esta divulgaci\u00f3n podr\u00eda dar lugar a ataques adicionales de fuerza bruta para adivinar contrase\u00f1as. Esta vulnerabilidad requerir\u00eda que la instancia de la plataforma Splunk utilice el esquema de autenticaci\u00f3n Security Assertion Markup Language (SAML)."
    }
  ],
  "id": "CVE-2024-36996",
  "lastModified": "2024-11-21T09:23:00.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-01T17:15:08.917",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0716"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-204"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.