Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs. Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 does not correctly sanitize path input data.
This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. Deserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.
This vulnerability only affects Splunk Enterprise for Windows. Customers are recommended to upgrade versions 9.0.8, 9.1.3, or higher. The vendor pointed out that the vulnerability does not affect the Cloud Platform.