CVE-2024-45740

🗓️ 14 Oct 2024 17:03:29Reported by SplunkType

Low-privileged user can craft malicious payload in Splunk, leading to unauthorized JavaScript executio

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2024-45740	14 Oct 202420:01	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 安全漏洞	14 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise	14 Oct 202417:03	–	cvelist
EUVD	EUVD-2024-41688	3 Oct 202520:07	–	euvd
NVD	CVE-2024-45740	14 Oct 202417:15	–	nvd
Tenable Nessus	Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3 (SVD-2024-1010)	14 Oct 202400:00	–	nessus
Vulnrichment	CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise	14 Oct 202417:03	–	vulnrichment

NVD

Node

splunk splunkRange9.1.0–9.1.6enterprise

splunk splunkRange9.2.0–9.2.3enterprise

splunk splunk_cloud_platformRange<9.2.2403.100

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.3"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.6"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.2.2403",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2403.100"
      }
    ]
  }
]

Source	Link
research	www.research.splunk.com/application/d4f55f7c-6518-4122-a197-951fe0f21b25/
advisory	www.advisory.splunk.com/advisories/SVD-2024-1010

28 Feb 2025 11:03Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4

EPSS0.00602

SSVC

CWE-79