August Third Party Package updates in Splunk Enterprise and Universal Forwarders

Advisory ID: SVD-2022-0804

Published: 2022-08-16

Last Update: 2022-08-16

Description

Splunk Enterprise and Universal Forwarders remedied multiple CVEs in Third Party Packages in versions 8.1.11, 8.2.7.1, and 9.0.1 and Splunk Cloud Platform with version 9.0.2205, including the following:

CVEPackageRemediationSeverity
CVE-2022-2068OpenSSL1.0.2Upgraded to OpenSSL 1.0.2zfInformational
CVE-2021-3541libxml2Applied patchMedium
CVE-2022-29824libxml2Applied patchMedium
CVE-2022-29824libxml2Applied patchMedium

Solution

For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 8.2.7.1, 9.0.1, or higher.

For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.

Severity

CVE-2022-2068

Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.

CVE-2021-3541

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-209824

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-23308

Splunk adopted a severity in line with NVD’s scoring of CVE-2022-209824 and CVE-2021-3541. Splunk rates CVE-2022-233089 as 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.