{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36996", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-05-30T16:36:21.002Z", "datePublished": "2024-07-01T16:30:41.186Z", "dateUpdated": "2025-02-28T11:03:41.084Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.2"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.5"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.10"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.109"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme."}], "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0716"}], "title": "Information Disclosure of user names", "datePublic": "2024-07-01T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.", "cweId": "CWE-204"}]}], "source": {"advisory": "SVD-2024-0716"}, "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:41.084Z"}}, "adp": [{"affected": [{"vendor": "splunk", "product": "splunk_enterprise", "cpes": ["cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.2", "status": "affected", "lessThan": "9.2.2", "versionType": "custom"}, {"version": "9.1", "status": "affected", "lessThan": "9.1.5", "versionType": "custom"}, {"version": "9.0", "status": "affected", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "splunk", "product": "splunk_cloud_platform", "cpes": ["cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.1.2312", "status": "affected", "lessThan": "9.1.2312.109", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T19:26:51.643823Z", "id": "CVE-2024-36996", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T21:00:22.102Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0716", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0716", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.582Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T19:26:51.643823Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"], "vendor": "splunk", "product": "splunk_enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"], "vendor": "splunk", "product": "splunk_cloud_platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.109", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T20:50:38.803Z"}}], "cna": {"title": "Information Disclosure of user names", "source": {"advisory": "SVD-2024-0716"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.109", "versionType": "custom"}]}], "datePublic": "2024-07-01T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0716"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-204", "description": "The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:41.084Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36996", "state": "PUBLISHED", "dateUpdated": "2025-02-28T11:03:41.084Z", "dateReserved": "2024-05-30T16:36:21.002Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-07-01T16:30:41.186Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1E1312EB-AB0A-4E4B-9801-D12BFCD44702", "versionEndIncluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3", "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2E66C0D-BD3A-46CE-9578-068401F094C0", "versionEndExcluding": "9.1.2312.109", "versionStartIncluding": "9.1.2312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podr\u00eda determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibir\u00edan de la instancia cuando intenten iniciar sesi\u00f3n. Esta divulgaci\u00f3n podr\u00eda dar lugar a ataques adicionales de fuerza bruta para adivinar contrase\u00f1as. Esta vulnerabilidad requerir\u00eda que la instancia de la plataforma Splunk utilice el esquema de autenticaci\u00f3n Security Assertion Markup Language (SAML)."}], "id": "CVE-2024-36996", "lastModified": "2024-11-21T09:23:00.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-01T17:15:08.917", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0716"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}