{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T22:37:37.454","vulnerabilities":[{"cve":{"id":"CVE-2024-23678","sourceIdentifier":"prodsec@splunk.com","published":"2024-01-22T21:15:10.920","lastModified":"2024-11-21T08:58:09.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows."},{"lang":"es","value":"En las versiones de Splunk Enterprise para Windows inferiores a 9.0.8 y 9.1.3, Splunk Enterprise no sanitiza correctamente los datos de entrada de ruta. Esto da como resultado la deserialización insegura de datos que no son de confianza desde una partición de disco separada en la máquina. Esta vulnerabilidad sólo afecta a Splunk Enterprise para Windows."}],"metrics":{"cvssMetricV31":[{"source":"prodsec@splunk.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"prodsec@splunk.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.8","matchCriteriaId":"51D25D9F-2F3B-4A9A-B468-1DF8EB682692"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.3","matchCriteriaId":"125F126C-4B0F-4B3D-891F-498E6DE761D7"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2024-0108","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/947d4d2e-1b64-41fc-b32a-736ddb88ce97/","source":"prodsec@splunk.com","tags":["Vendor Advisory"]},{"url":"https://advisory.splunk.com/advisories/SVD-2024-0108","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://research.splunk.com/application/947d4d2e-1b64-41fc-b32a-736ddb88ce97/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}