SplunkCVELIST:CVE-2024-23678CVE-2024-23678 Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.
CNA Affected
[
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.8"
},
{
"version": "9.1",
"status": "affected",
"versionType": "custom",
"lessThan": "9.1.3"
}
]
}
]Related
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.2%