August Third Party Package updates in Splunk Enterprise and Universal Forwarders
Advisory ID: SVD-2022-0804
CVE ID: Multiple
Published: 2022-08-16
Last Update: 2023-03-08
Description
Splunk remedied multiple CVEs in third-party packages in Splunk Enterprise and Universal Forwarders versions 8.1.11, 8.2.7.1, and 9.0.1, and in Splunk Cloud Platform version 9.0.2205, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
OpenSSL 1.0.2 | Upgraded to OpenSSL 1.0.2zf | CVE-2022-2068 | Informational |
libxml2 | Applied patch | CVE-2021-3541 | Medium |
libxml2 | Applied patch | CVE-2022-29824 | Medium |
libxml2 | Applied patch | CVE-2022-23308 | Informational |
Solution
For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 8.2.7.1, 9.0.1, or higher.
For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
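The following is an added example, not part of Splunk's advisory: a triage script that checks an inventory of Splunk Enterprise and Universal Forwarder versions against the fixed releases listed above. The inventory format, the host names, and the rule that the first two version components identify the release branch are assumptions of this example.

```python
import re

# Fixed releases per release branch, from the advisory's Solution section.
# Treating the first two components as the branch is an assumption of this example.
FIXED = {(8, 1): (8, 1, 11), (8, 2): (8, 2, 7, 1), (9, 0): (9, 0, 1)}

# Constructed inventory (host,version); not real hosts.
SAMPLE_INVENTORY = """\
idx-01,9.0.1
uf-web-01,8.2.7
uf-web-02,8.2.7.1
uf-db-01,8.1.10
hf-edge-01,8.0.9
sh-01,9.0.0
"""

def parse_version(text):
    """Turn '8.2.7.1' into (8, 2, 7, 1); reject non-numeric strings."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)+", text):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in text.split("."))

def check(version_text):
    """Return (state, target): 'fixed', 'upgrade' or 'no-fix-on-branch'."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        width = max(len(v), len(fixed))
        pad = lambda t: t + (0,) * (width - len(t))  # so 9.0.1 == 9.0.1.0
        if pad(v) >= pad(fixed):
            return ("fixed", None)
        return ("upgrade", ".".join(map(str, fixed)))
    if branch > max(FIXED):
        return ("fixed", None)  # later branch: "or higher" in the advisory
    return ("no-fix-on-branch", None)  # advisory lists no release for this branch

def triage(inventory):
    """Return (host, version, state, target) for hosts that are not fixed."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = (f.strip() for f in line.split(",", 1))
        state, target = check(version)
        if state != "fixed":
            findings.append((host, version, state, target))
    return findings
```

Hosts reported as no-fix-on-branch run a branch for which this advisory lists no fixed release, so they need a move to one of the listed releases rather than a patch-level update.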
Severity
CVE-2022-2068
Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.
CVE-2021-3541
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
CVE-2022-29824
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
CVE-2022-23308
In Splunk Enterprise and the Universal Forwarder, the libxml2 implementation and its handling of XML do not meet the prerequisites for potential exploitation (for example, parsing with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option). As such, CVE-2022-23308 does not affect Splunk Enterprise and the Universal Forwarder. The vulnerability is Informational only.
Changelog
- 2023-03-08: Updated CVE mismatch in tables and severity section. Updated severity for CVE-2022-23308.