Vulnerability Details CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-23678
-
cpe:2.3:a:splunk:splunk:9.0.0
-
cpe:2.3:a:splunk:splunk:9.0.3
-
cpe:2.3:a:splunk:splunk:9.0.4
-
cpe:2.3:a:splunk:splunk:9.0.6
-
cpe:2.3:a:splunk:splunk:9.0.7
-
cpe:2.3:a:splunk:splunk:9.1.0
-
cpe:2.3:a:splunk:splunk:9.1.0.1
-
cpe:2.3:a:splunk:splunk:9.1.0.2
-
cpe:2.3:a:splunk:splunk:9.1.1
-
cpe:2.3:a:splunk:splunk:9.1.2