CVE-2024-53247: Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app

8.8 CVSS

Description

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).

Classification

CVE ID: CVE-2024-53247

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://advisory.splunk.com/advisories/SVD-2024-1205

Timeline

2024-12-11 00:31:06 UTC
CVE

Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app