Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Splunk Addresses Windows Vulnerability

January 24, 2024
Reading Time: 3 mins read
in Alerts

Splunk has recently addressed multiple vulnerabilities in its Splunk Enterprise software, with a notable focus on a high-severity flaw affecting the Windows version (CVE-2024-23678, CVSS score 7.5). The identified vulnerability impacts Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, involving inadequate sanitization of path input data. This flaw can lead to the unsafe deserialization of untrusted data from a separate disk partition on the affected machine, potentially enabling the execution of malicious code. To mitigate these risks, users are strongly advised to upgrade to Splunk Enterprise versions 9.0.8, 9.1.3, or higher. Notably, the vulnerability does not affect the Splunk Cloud Platform.

The high-severity flaw was discovered by security researcher Danylo Dmytriiev (DDV_UA). The specific nature of the vulnerability lies in the improper handling of path input data by Splunk Enterprise for Windows. This lapse could result in the unsafe deserialization of untrusted data from an external disk partition, creating a potential avenue for the execution of malicious code on the system. To address this, Splunk recommends that users upgrade to the specified versions, emphasizing that the vulnerability is exclusive to the Windows version and does not impact the Splunk Cloud Platform. The company did not disclose any information regarding known instances of exploitation of this vulnerability in the wild.

In light of the potential risks associated with the identified vulnerability, Splunk users on Windows are strongly encouraged to implement the necessary updates promptly. The prompt installation of versions 9.0.8, 9.1.3, or later will help safeguard systems from potential security threats associated with the high-severity flaw. Splunk continues to prioritize the security of its software and encourages users to stay vigilant and proactive in maintaining the integrity and safety of their Splunk Enterprise installations.

 

Reference:
  • Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatJanuary 2024SplunkVulnerabilitiesWindows
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial