November Third Party Package updates in Splunk Enterprise

Advisory ID: SVD-2022-1113

CVE ID:  Multiple

Published: 2022-11-02

Last Update: 2023-02-14


Splunk Enterprise remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.12, 8.2.9, and 9.0.2, including the following:

jackson-databindUpgraded to
mongodbUpdgraded to 4.2.19 or 4.2.17-v4CVE-2021-32036Medium

CVE-2021-32036 does not affect Splunk Enterprise 8.2 and 8.1. For Windows and macOS, mongodb was upgraded to 4.2.19. For Linux, mongodb was upgraded to 4.2.17-linux-splunk-v4, which includes the patch for CVE-2021-32036.


For Splunk Enterprise, upgrade versions to 8.1.12, 8.2.9, 9.0.2, or higher.

For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1-8.1.11 and lower8.1.12
Splunk Enterprise8.2-8.2.0 to
Splunk Enterprise9.0-9.0.0 to
Splunk Cloud Platform--9.0.2208 and lower9.0.2209



Splunk adopted NVD’s CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.


Splunk adopted the vendor’s CVSS rating of Medium, 4.8 with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.


  • 2023-02-14: Added CVE-2021-32036