Splunk Patches CVE-2024-23678 Deserialization bug

Splunk has addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity deserialization flaw.

The vulnerability, tracked as CVE-2024-23678, carries a CVSS score of 7.5 and affects only the Windows version of the product.

The advisory states that Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 do not correctly sanitize path input data. As a result, the software can unsafely deserialize untrusted data read from a separate disk partition on the machine.


Deserialization of untrusted data can lead to arbitrary code execution because a serialized object graph does not just carry values: it names the types to instantiate and, in many formats, the callables to invoke while those objects are rebuilt. An attacker who controls the bytes therefore controls what the application runs at the moment it loads them.
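The two failure modes the advisory describes, a path check that lets a caller point the loader at another partition and a deserializer that trusts whatever it reads, are shown together in the added Python example below. It is not Splunk's code and says nothing about how the real vulnerability is triggered: the cache directory `C:\Program Files\Splunk\var\run`, the `Payload` class, the use of `pickle` as the serialization format and all function names are assumptions made for illustration. The path check runs on any platform because it uses `ntpath`, which implements Windows path rules regardless of the host.

```python
"""Added illustration of two bugs the advisory describes: an absolute-path
check that ignores the drive letter, and a loader that trusts serialized bytes.
Hypothetical: not Splunk code; the root directory, class and function names,
and the pickle format are assumptions for this example."""
import io
import ntpath
import os
import pickle

# Assumed directory the loader is meant to read cache files from (hypothetical).
ALLOWED_ROOT = r"C:\Program Files\Splunk\var\run"


def is_within_root(user_path: str, root: str = ALLOWED_ROOT) -> bool:
    """Return True only for an absolute path on the same drive as ROOT that
    still lies inside ROOT after '.', '..' and separator normalisation."""
    if not user_path or not ntpath.isabs(user_path):
        return False                        # relative, or drive-relative like D:foo
    if user_path.startswith(("\\\\", "//")):
        return False                        # UNC (\\host\share) or \\?\ device paths
    norm = ntpath.normpath(user_path)       # collapses .. and turns '/' into '\'
    root_norm = ntpath.normpath(root)
    drive, _ = ntpath.splitdrive(norm)
    root_drive, _ = ntpath.splitdrive(root_norm)
    if not drive or drive.lower() != root_drive.lower():
        return False                        # a different partition, e.g. D:\...
    n, r = norm.lower(), root_norm.lower()  # NTFS names are case-insensitive
    return n == r or n.startswith(r + "\\")  # separator boundary: rejects ...\run2


class Payload:
    """Object whose pickle tells the unpickler to call a function of the
    author's choosing on load. os.getpid keeps the demo harmless; a real
    payload would name os.system or subprocess.Popen instead."""
    def __reduce__(self):
        return (os.getpid, ())


# Constructed sample inputs: a legitimate cache entry and a malicious one.
BENIGN_BLOB = pickle.dumps({"session": "abc123", "hits": 3})
ATTACK_BLOB = pickle.dumps(Payload())


def unsafe_load(blob: bytes):
    """Vulnerable: executes whatever callables the stream references."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup not on an explicit allow-list, so a stream
    cannot name os.getpid, os.system, builtins.eval and so on."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(blob: bytes):
    """Hardened loader: plain containers and scalars only."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def load_cache_entry(path: str, read_bytes=None):
    """Validate the path first, then deserialise with the restricted loader.
    read_bytes defaults to reading the file from disk; the demo injects a fake."""
    if not is_within_root(path):
        raise ValueError(f"refusing path outside {ALLOWED_ROOT}: {path!r}")
    if read_bytes is None:
        def read_bytes(p):
            with open(p, "rb") as fh:
                return fh.read()
    return safe_load(read_bytes(path))


if __name__ == "__main__":
    for p in [r"C:\Program Files\Splunk\var\run\session.pkl",
              r"C:/Program Files/Splunk/var/run/session.pkl",
              r"D:\dropbox\session.pkl",
              r"C:\Program Files\Splunk\var\run\..\..\..\..\Users\Public\session.pkl",
              r"\\evil-host\share\session.pkl"]:
        print(f"{is_within_root(p)!s:5}  {p}")
    print("unsafe_load ran os.getpid ->", unsafe_load(ATTACK_BLOB))
    try:
        safe_load(ATTACK_BLOB)
    except pickle.UnpicklingError as e:
        print("safe_load refused:", e)
    print(load_cache_entry(r"C:\Program Files\Splunk\var\run\session.pkl",
                           read_bytes=lambda _p: BENIGN_BLOB))
```

Two caveats for anyone adapting the check: it compares strings, so 8.3 short names (`PROGRA~1`), junctions and symbolic links are not resolved; on a real Windows host, canonicalise with `os.path.realpath` before the comparison. And an allow-listing unpickler only limits which globals a stream may name; where the data is really just records, a format with no code-loading semantics (JSON, for example) removes the problem rather than fencing it.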

This vulnerability only affects Splunk Enterprise for Windows. If you do not run Splunk Enterprise on a Windows machine, then there is no impact, and the severity is informational.

Customers are advised to upgrade to versions 9.0.8, 9.1.3, or higher. The vendor also notes that the vulnerability does not affect Splunk Cloud Platform.

The issue was discovered by Danylo Dmytriiev (DDV_UA). Splunk did not reveal if it is aware of attacks in the wild exploiting this vulnerability.
