August Third Party Package updates in Splunk Enterprise and Universal Forwarders

Advisory ID: SVD-2022-0804

CVE ID: Multiple

Published: 2022-08-16

Last Update: 2023-03-08

Description

Splunk remedied multiple CVEs in third-party packages in Splunk Enterprise and Universal Forwarder versions 8.1.11, 8.2.7.1, and 9.0.1, and in Splunk Cloud Platform version 9.0.2205, including the following:

| Package | Remediation | CVE | Severity |
|---|---|---|---|
| OpenSSL 1.0.2 | Upgraded to OpenSSL 1.0.2zf | CVE-2022-2068 | Informational |
| libxml2 | Applied patch | CVE-2021-3541 | Medium |
| libxml2 | Applied patch | CVE-2022-29824 | Medium |
| libxml2 | Applied patch | CVE-2022-23308 | Informational |

Solution

For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 8.2.7.1, 9.0.1, or higher.

For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
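
A version check built from the fixed releases listed above, as an added example that is not part of Splunk's advisory. The host names and inventory are constructed, and treating release lines the advisory does not list below 9.0 (for example 8.0) as needing an upgrade is an assumption.

```python
# Added example: flag Splunk Enterprise / Universal Forwarder hosts that are
# below the fixed builds named in SVD-2022-0804. Not for Splunk Cloud Platform,
# which uses a different version scheme.

# Fixed build per release line, taken from the advisory's Solution section.
FIXED = {(8, 1): (8, 1, 11), (8, 2): (8, 2, 7, 1), (9, 0): (9, 0, 1)}


def parse_version(text):
    """Turn '8.2.7.1' into (8, 2, 7, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version, width=4):
    """Pad with zeros so 8.2.7 compares as 8.2.7.0 against 8.2.7.1."""
    return version + (0,) * (width - len(version))


def status(version_text):
    """Return 'fixed' or 'upgrade' for one installed version string."""
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        return "fixed" if _pad(version) >= _pad(FIXED[line]) else "upgrade"
    if line > max(FIXED):
        return "fixed"  # "or higher" than the newest fixed release line
    return "upgrade"    # assumption: no fix is listed for this release line


def needs_upgrade(inventory):
    """Return the sorted host names whose version is below a fixed build."""
    return sorted(h for h, v in inventory.items() if status(v) == "upgrade")


# Constructed sample inventory (host name -> installed version).
SAMPLE_INVENTORY = {
    "uf-web-01": "8.2.7",      # one maintenance build short of 8.2.7.1
    "uf-db-02": "8.2.7.1",
    "idx-01": "8.1.10.1",
    "sh-01": "9.0.0",
    "hf-01": "9.0.1",
    "uf-legacy": "8.0.9",
}

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below the fixed build")
```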

Severity

CVE-2022-2068

Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.

CVE-2021-3541

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-29824

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

CVE-2022-23308

In Splunk Enterprise and the Universal Forwarder, the libxml2 implementation and its handling of XML do not meet the prerequisites for potential exploitation (for example, parsing with the XML_PARSE_DTDVALID and without the XML_PARSE_NOENT options). As such, CVE-2022-23308 does not affect Splunk Enterprise and the Universal Forwarder. The vulnerability is Informational only.

Changelog

  • 2023-03-08: Updated CVE mismatch in tables and severity section. Updated severity for CVE-2022-23308.