Unrated severityNVD Advisory· Published Oct 14, 2024· Updated Feb 28, 2025
Improper Access Control for low-privileged user in Splunk Secure Gateway App
CVE-2024-45735
Description
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<9.2.3, <9.1.6+ 1 more
- (no CPE)range: <9.2.3, <9.1.6
- (no CPE)range: 9.2
<3.4.259, <3.6.17, <3.7.0+ 1 more
- (no CPE)range: <3.4.259, <3.6.17, <3.7.0
- (no CPE)range: 3.6
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.