{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T00:39:16.245","vulnerabilities":[{"cve":{"id":"CVE-2024-45738","sourceIdentifier":"prodsec@splunk.com","published":"2024-10-14T17:15:12.660","lastModified":"2024-10-17T13:17:37.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level."},{"lang":"es","value":"En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6, el software puede exponer parámetros HTTP confidenciales al índice `_internal`. Esta exposición podría ocurrir si configura el canal de registro `REST_Calls` de Splunk Enterprise en el nivel de registro DEBUG."}],"metrics":{"cvssMetricV31":[{"source":"prodsec@splunk.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"prodsec@splunk.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.6","matchCriteriaId":"FB935ACC-3899-47DE-B4C0-CB94CAC79AC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.2.0","versionEndExcluding":"9.2.3","matchCriteriaId":"14D07F5E-504B-447B-988B-BF6ADA59F8D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"11F038B4-1335-4F4E-9013-E6D6152DCD20"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2024-1008","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/","source":"prodsec@splunk.com","tags":["Vendor Advisory"]}]}}]}