VYPR
Unrated severityNVD Advisory· Published Jan 22, 2024· Updated Jun 17, 2025

Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition

CVE-2024-23678

Description

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Splunk/Splunk Enterprisellm-fuzzy2 versions
    <9.0.8 || >=9.0.0 <9.1.3+ 1 more
    • (no CPE)range: <9.0.8 || >=9.0.0 <9.1.3
    • (no CPE)range: 9.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.