CVERadar

CVE-2024-36996

High Severity
Splunk
SVRS: 52/100
CVSSv3: 5.3/10
EPSS: 0.00158/1

CVE-2024-36996 in Splunk Enterprise and Cloud Platform allows attackers to determine user existence via login error responses, potentially leading to brute-force attacks. The vulnerability affects instances using SAML authentication. This information disclosure can assist malicious actors in crafting targeted attacks.

While CVE-2024-36996 has a CVSS score of 5.3, indicating medium severity, its SOCRadar Vulnerability Risk Score (SVRS) is 52. This suggests a moderate level of real-world risk based on threat actor activity and exploit availability. Organizations using affected Splunk versions with SAML authentication should prioritize patching to prevent potential information disclosure and subsequent attacks. The CWE-204 classification highlights the sensitivity of exposed information, making it vital to mitigate this vulnerability promptly.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2025-02-28

2024-07-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform
Pierluigi Paganini, 2024-07-04
Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk […]
cve-2024-36985
cve-2024-36991
cve-2024-36990
cve-2024-36983
CVE-2024-36996 | Splunk Enterprise/Cloud Platform observable response discrepancy (SVD-2024-0716)
vuldb.com, 2024-07-01
A vulnerability was found in Splunk Enterprise and Cloud Platform. It has been classified as problematic. This affects an unknown part. The manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2024-36996. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component
cve-2024-36996

Social Media

🚨 CVE-2024-36996: Splunk Enterprise/Cloud Platform vulnerable to observable response discrepancy. Attacker could remotely exploit unknown component. Impact: Data manipulation. Upgrade Splunk immediately to mitigate risks. #CyberSecurity #PatchNow
CVE-2024-36996 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by ... https://t.co/pZOtzGT90i

Affected Software

Configuration 1
Type | Vendor | Product
App | Splunk | splunk
App | Splunk | splunk_cloud_platform

References

Reference | Link
[email protected] | https://advisory.splunk.com/advisories/SVD-2024-0716

CWE Details

CWE ID | CWE Name | Description
CWE-204 | Observable Response Discrepancy | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
CWE-203 | Observable Discrepancy | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
