{"cve":{"cve_id":"CVE-2024-53243","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00281,"epss_percentile":0.19648,"epss_as_of":"2026-06-23","description":"In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.","published_at":"2024-12-10T18:00:49.236000Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-200"],"nvd_references":["https://advisory.splunk.com/advisories/SVD-2024-1201"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:14:36.567578Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"9.3","version_start_inclusive":true,"version_end":"9.3.2","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:9.3:9.3.2"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"9.2","version_start_inclusive":true,"version_end":"9.2.4","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:9.2:9.2.4"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-enterprise","product_name":"Splunk Enterprise","version_start":"9.1","version_start_inclusive":true,"version_end":"9.1.7","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-enterprise:9.1:9.1.7"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-secure-gateway","product_name":"Splunk Secure Gateway","version_start":"3.8","version_start_inclusive":true,"version_end":"3.8.5","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-secure-gateway:3.8:3.8.5"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-secure-gateway","product_name":"Splunk Secure Gateway","version_start":"3.7","version_start_inclusive":true,"version_end":"3.7.18","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-secure-gateway:3.7:3.7.18"},{"vendor_slug":"splunk","vendor_name":"Splunk","product_slug":"splunk-secure-gateway","product_name":"Splunk Secure Gateway","version_start":"3.4","version_start_inclusive":true,"version_end":"3.4.262","version_end_inclusive":false,"cpe23_uri":"cve5:splunk:splunk-secure-gateway:3.4:3.4.262"}],"exploit_refs":[],"news":[],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2024-1201","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-12-10T18:00:49.236000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:39:10.181775Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:10.181775Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:10.181775Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:14:36.567578Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:14:36.567578Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:14:36.567578Z","label":"SSVC decision revised","source":"vulnrichment"}]}