November Third Party Package updates in Splunk Enterprise
Advisory ID: SVD-2022-1113
CVE ID: Multiple
Published: 2022-11-02
Last Update: 2023-02-14
Description
Splunk Enterprise remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.12, 8.2.9, and 9.0.2, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
jackson-databind | Upgraded to 2.13.2.1 | CVE-2020-36518 | High |
mongodb | Upgraded to 4.2.19 or 4.2.17-v4 | CVE-2021-32036 | Medium |
CVE-2021-32036 does not affect Splunk Enterprise 8.2 and 8.1. For Windows and macOS, mongodb was upgraded to 4.2.19. For Linux, mongodb was upgraded to 4.2.17-linux-splunk-v4, which includes the patch for CVE-2021-32036.
Solution
For Splunk Enterprise, upgrade versions to 8.1.12, 8.2.9, 9.0.2, or higher.
For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 8.1 | - | 8.1.11 and lower | 8.1.12 |
Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.8 | 8.2.9 |
Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.1 | 9.0.2 |
Splunk Cloud Platform | - | - | 9.0.2208 and lower | 9.0.2209 |
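The following is an added example, not part of Splunk's advisory: a small triage helper that classifies Splunk Enterprise version strings against the Product Status table above and reports which of the listed CVEs apply. The inventory lines and host names are constructed, and treating branches newer than 9.0 as fixed follows the "9.0.2, or higher" wording in the Solution section.

```python
import re

# Fix version per release branch, copied from the Product Status table.
FIXED = {(8, 1): (8, 1, 12), (8, 2): (8, 2, 9), (9, 0): (9, 0, 2)}
# Per the advisory's note, CVE-2021-32036 does not affect the 8.1 and 8.2 branches.
MONGODB_CVE_EXEMPT = {(8, 1), (8, 2)}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'Splunk 9.0.1 (build x)'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Classify one Splunk Enterprise version against SVD-2022-1113."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED:
        fix = FIXED[branch]
    elif branch < min(FIXED):
        fix = FIXED[min(FIXED)]    # "8.1.11 and lower": move to 8.1.12 or higher
    else:
        fix = max(FIXED.values())  # later branches: "9.0.2, or higher"
    # Tuple comparison is numeric per component, so 8.2.10 sorts above 8.2.9.
    affected = version < fix
    cves = []
    if affected:
        cves.append("CVE-2020-36518")
        if branch not in MONGODB_CVE_EXEMPT:
            cves.append("CVE-2021-32036")
    return {"version": ".".join(map(str, version)), "affected": affected,
            "upgrade_to": ".".join(map(str, fix)) if affected else None,
            "cves": cves}


# Constructed inventory lines (hypothetical hosts), not real data.
INVENTORY = ["idx01 Splunk 8.1.11", "idx02 Splunk 8.2.9",
             "sh01 Splunk 9.0.1", "hf01 Splunk 9.1.0"]

if __name__ == "__main__":
    for line in INVENTORY:
        print(line.split()[0], triage(line))
```

Comparing versions as integer tuples rather than strings avoids misclassifying releases such as 8.2.10, which sorts below 8.2.9 as text.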
Severity
CVE-2020-36518
Splunk adopted NVD’s CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
CVE-2021-32036
Splunk adopted the vendor’s CVSS rating of Medium, 4.8 with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.
Changelog
- 2023-02-14: Added CVE-2021-32036