CVE-2024-36996

{"id": "CVE-2024-36996", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-01T17:15:08.917", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0716", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podr\u00eda determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibir\u00edan de la instancia cuando intenten iniciar sesi\u00f3n. Esta divulgaci\u00f3n podr\u00eda dar lugar a ataques adicionales de fuerza bruta para adivinar contrase\u00f1as. Esta vulnerabilidad requerir\u00eda que la instancia de la plataforma Splunk utilice el esquema de autenticaci\u00f3n Security Assertion Markup Language (SAML)."}], "lastModified": "2024-10-10T12:30:29.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1312EB-AB0A-4E4B-9801-D12BFCD44702", "versionEndIncluding": "9.0.10", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3", "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2E66C0D-BD3A-46CE-9578-068401F094C0", "versionEndExcluding": "9.1.2312.109", "versionStartIncluding": "9.1.2312"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}