CVE-2024-45735: 
Splunk Enterprise vulnerability analysis and mitigation

CVE-2024-45735 is a security vulnerability discovered in Splunk Enterprise and Splunk Secure Gateway that affects multiple versions of these products. The vulnerability was disclosed on October 14, 2024, impacting Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0. This vulnerability allows low-privileged users without 'admin' or 'power' roles to access sensitive information in the Splunk Secure Gateway App (Splunk Advisory, NVD).

The vulnerability is classified as an improper access control issue (CWE-284) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating that it requires network access, low attack complexity, low privileges, and no user interaction. The vulnerability specifically allows unauthorized access to App Key Value Store (KV Store) deployment configuration and public/private keys within the Splunk Secure Gateway App (Splunk Advisory).

The primary impact of this vulnerability is the potential exposure of sensitive configuration data and cryptographic keys. Specifically, unauthorized users can view App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App, which could potentially compromise the security of the affected systems (Splunk Research).

Splunk has released patches to address this vulnerability. Users are advised to upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, 9.1.6 or higher. For Splunk Cloud Platform users, Splunk is actively monitoring and upgrading Splunk Secure Gateway instances. As a workaround, if organizations do not use Splunk Mobile, Spacebridge, or Mission Control functionality, they can remove or disable the splunksecuregateway app (Splunk Advisory).