August Third Party Package updates in Splunk Enterprise and Universal Forwarders
Advisory ID: SVD-2022-0804
Last Update: 2023-03-08
Splunk Enterprise and Universal Forwarders remedied multiple CVEs in Third Party Packages in versions 8.1.11, 126.96.36.199, and 9.0.1 and Splunk Cloud Platform with version 9.0.2205, including the following:
| CVE-2022-2068 | OpenSSL 1.0.2 | Upgraded to OpenSSL 1.0.2zf | Informational |
For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 188.8.131.52, 9.0.1, or higher.
For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
In Splunk Enterprise and the Universal Forwarder, the libxml2 implementation and its handling of XML do not meet the prerequisites for potential exploitation (for example, parsing with the XML_PARSE_DTDVALID and without the XML_PARSE_NOENT options). As such, CVE-2022-23308 does not affect Splunk Enterprise and the Universal Forwarder. The vulnerability is Informational only.
- 2023-03-08: Updated CVE mismatch in tables and severity section. Updated severity for CVE-2022-23308. Updated severity section for CVE-2022-23308.