Unrated severityNVD Advisory· Published Jan 22, 2024· Updated Jun 17, 2025
Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
CVE-2024-23678
Description
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<9.0.8 || >=9.0.0 <9.1.3+ 1 more
- (no CPE)range: <9.0.8 || >=9.0.0 <9.1.3
- (no CPE)range: 9.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.