Splunk has announced patches for multiple vulnerabilities in Splunk Enterprise, including a high-severity bug affecting Windows instances.
The high-severity vulnerability, tracked as CVE-2024-23678, is characterized as a problem with improper path input data sanitization that leads to “the unsafe deserialization of untrusted data from a separate disk partition on the machine.” Deserialization of untrusted data is a class of vulnerability that makes it possible to use malformed data to execute arbitrary code, cause denial of service, or abuse application logic.
According to Splunk’s advisory, CVE-2024-23678 only affects Splunk Enterprise for Windows. The security flaw is fixed in Splunk Enterprise versions 9.0.8 and 9.1.3.