CVE-2024-45737: 
Splunk Enterprise vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-45737 was discovered in Splunk Enterprise and Splunk Cloud Platform. The vulnerability affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, as well as Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.204. This security flaw allows low-privileged users without 'admin' or 'power' roles to modify the maintenance mode state of the App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) attack (Splunk Advisory).

The vulnerability is classified as Cross-Site Request Forgery (CWE-352) with a CVSS v3.1 base score of 4.3 (Medium) according to Splunk's assessment, while NIST rates it at 3.5 (Low) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L. The vulnerability specifically targets the Splunk Web component and affects instances where this component is enabled (NVD, Splunk Advisory).

The exploitation of this vulnerability could allow unauthorized users to manipulate the KVStore maintenance mode state, potentially affecting the availability of the App Key Value Store service. The impact is primarily limited to availability concerns, as there are no direct confidentiality or integrity implications (Splunk Advisory).

Splunk has released patches to address this vulnerability. Organizations are advised to upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher. For Splunk Cloud Platform, Splunk is actively monitoring and patching affected instances. As a workaround, organizations can disable Splunk Web if it's not necessary for operations (Splunk Advisory).