← back
CVE-2024-36996

Information Disclosure of user names

CVSS 5.3 MEDIUMEPSS 0.4%CWE-204
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Splunk · Splunk Cloud PlatformSplunk · Splunk Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://advisory.splunk.com/advisories/SVD-2024-0716