{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T06:54:38.123","vulnerabilities":[{"cve":{"id":"CVE-2024-45734","sourceIdentifier":"prodsec@splunk.com","published":"2024-10-14T17:15:11.850","lastModified":"2024-10-16T22:20:57.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the  machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard."},{"lang":"es","value":"En las versiones 9.3.0, 9.2.3 y 9.1.6 de Splunk Enterprise, un usuario con pocos privilegios que no tenga los roles de \"administrador\" o \"poder\" de Splunk podría ver imágenes en la máquina que ejecuta Splunk Enterprise mediante la función de exportación a PDF en los paneles clásicos de Splunk. Las imágenes en la máquina podrían exponerse exportando el panel como PDF, utilizando la ruta de la imagen local en la etiqueta img en el código fuente del lenguaje de marcado extensible (XML) para el panel clásico de Splunk."}],"metrics":{"cvssMetricV31":[{"source":"prodsec@splunk.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"prodsec@splunk.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.6","matchCriteriaId":"FB935ACC-3899-47DE-B4C0-CB94CAC79AC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.2.0","versionEndExcluding":"9.2.3","matchCriteriaId":"14D07F5E-504B-447B-988B-BF6ADA59F8D1"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2024-1004","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/7464e2dc-98a5-4af9-87a1-fa6d5a256fa6/","source":"prodsec@splunk.com","tags":["Vendor Advisory"]}]}}]}