CVE-2024-53247

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 502

Summary

CVE-2024-53247 is a Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Secure Gateway app versions below 3.2.461 and 3.7.13 on the Splunk Cloud Platform. A low-privileged user, who does not possess the "admin" or "power" roles, can exploit this flaw to execute arbitrary code. This poses a significant risk to the targeted systems, as unauthorized users may gain unintended access and execute malicious commands. Organizations using the affected versions are strongly advised to install the applicable patches to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share