February Third Party Package Updates in Splunk Enterprise

Published: 2023-02-14

Last Update: 2023-02-14

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.13, 8.2.10, and 9.0.4 of Splunk Enterprise, including the following:

| CVE | Package | Remediation | Severity |
|---|---|---|---|
| CVE-2021-21419 | Python 2.7, eventlet | Upgraded to 2.7.18.4 | Informational |
| CVE-2021-28957 | Python 2.7, lxml | Upgraded to 2.7.18.4 | Medium |
| CVE-2022-24785 | Moment.js | Upgraded to 2.29.4 | High |
| CVE-2022-31129 | Moment.js | Upgraded to 2.29.4 | High |
| CVE-2022-32212 | Node.js | Applied patch | High |
| CVE-2015-20107 | Python 3.7 | Applied patch | Informational |
| CVE-2021-3517 | Libxml2 | Applied patch | High |
| CVE-2021-3537 | Libxml2 | Applied patch | Medium |
| CVE-2021-3518 | Libxml2 | Applied patch | High |

CVE-2021-21419 and CVE-2021-28957 do not affect Splunk Cloud Platform or Splunk Enterprise 9.0.

Solution

For Splunk Enterprise, upgrade versions to 8.1.12, 8.2.9, 9.0.4, or higher.

For Splunk Cloud Platform versions below 9.0.2209, Splunk is actively patching and monitoring the Splunk Cloud instances.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 8.1 | - | 8.1.12 and lower | 8.1.13 |
| Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.9 | 8.2.10 |
| Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.3 | 9.0.4 |
| Splunk Cloud Platform | - | - | 9.0.2209 and lower | 9.0.2209.3 |
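The following triage helper is an added example, not Splunk's own tooling. It encodes the Splunk Enterprise rows of the Product Status table above (affected ranges and fix versions) and checks an inventory of installed versions against them. The inventory lines are constructed sample data; the "Splunk X.Y.Z (build ...)" line shape is an assumption about what an inventory export might look like, not something the advisory specifies.

```python
import re

# Affected ranges and fix versions, taken from the advisory's Product Status
# table for Splunk Enterprise: (branch, lowest affected, highest affected, fix).
ADVISORY_RANGES = [
    ("8.1", (8, 1, 0), (8, 1, 12), "8.1.13"),   # "8.1.12 and lower"
    ("8.2", (8, 2, 0), (8, 2, 9), "8.2.10"),    # "8.2.0 to 8.2.9"
    ("9.0", (9, 0, 0), (9, 0, 3), "9.0.4"),     # "9.0.0 to 9.0.3"
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract the first X.Y or X.Y.Z version from a string as a 3-tuple of ints.

    A two-component version ("8.2") is treated as the .0 patch level. Build
    identifiers and other trailing text are ignored.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version_text):
    """Return a dict describing whether a Splunk Enterprise version is in an affected range."""
    version = parse_version(version_text)
    branch_key = f"{version[0]}.{version[1]}"
    for branch, low, high, fix in ADVISORY_RANGES:
        if branch != branch_key:
            continue
        affected = low <= version <= high
        return {
            "version": ".".join(map(str, version)),
            "branch": branch,
            "affected": affected,
            "fix_version": fix if affected else None,
        }
    # Branches the advisory does not list (e.g. 8.0 or 9.1) are not covered by it.
    return {
        "version": ".".join(map(str, version)),
        "branch": branch_key,
        "affected": False,
        "fix_version": None,
        "note": "branch not covered by this advisory",
    }


def triage(inventory_lines):
    """Assess each 'hostname<TAB>version string' line; return only the affected hosts."""
    findings = []
    for line in inventory_lines:
        host, _, version_text = line.partition("\t")
        result = assess(version_text)
        if result["affected"]:
            findings.append((host, result["version"], result["fix_version"]))
    return findings


# Constructed sample inventory (not real hosts); the version-line shape is assumed.
SAMPLE_INVENTORY = [
    "sh-01\tSplunk 8.2.9 (build 0000000000aa)",
    "idx-01\tSplunk 9.0.4 (build 0000000000bb)",
    "idx-02\tSplunk 9.0.0 (build 0000000000cc)",
    "hf-01\tSplunk 8.1.13 (build 0000000000dd)",
    "hf-02\tSplunk 8.1 (build 0000000000ee)",
]

if __name__ == "__main__":
    for host, version, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected; upgrade to {fix}")
```

Versions are compared as integer tuples rather than strings, so "8.2.10" correctly sorts above "8.2.9"; a string comparison would get that wrong.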

Severity

CVE-2021-21419

Splunk Enterprise and Splunk Cloud Platform do not use the vulnerable code. However, out of an abundance of caution, Splunk upgraded the version of Python 2.7 to 2.7.18.4 in Splunk Enterprise versions 8.1 and 8.2.

CVE-2021-28957

Splunk adopted the National Vulnerability Database (NVD) CVSS rating of Medium, 6.1 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

CVE-2022-24785

Splunk adopted the NVD CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

CVE-2022-31129

Splunk adopted the NVD CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-32212

Splunk adopted the NVD CVSS rating of High, 8.1 with a vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

CVE-2015-20107

Splunk Enterprise and Splunk Cloud Platform do not use the vulnerable mailcap.py. However, out of an abundance of caution, Splunk patched this file. As an alternative to updating, delete or patch the vulnerable file at SPLUNK_HOME/splunk/lib/python3.7/mailcap.py.

CVE-2021-3517

Splunk adopted the NVD CVSS rating of High, 8.6 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.

CVE-2021-3537

Splunk adopted the NVD CVSS rating of Medium, 5.9 with a vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

CVE-2021-3518

Splunk adopted the NVD CVSS rating of High, 8.8 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.