February Third Party Package Updates in Splunk Enterprise
Advisory ID: SVD-2023-0215
CVE ID: Multiple
Published: 2023-02-14
Last Update: 2023-02-14
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.13, 8.2.10, and 9.0.4 of Splunk Enterprise, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
Python 2.7, eventlet | Upgraded to 2.7.18.4 | CVE-2021-21419 | Informational |
Python 2.7, lxml | Upgraded to 2.7.18.4 | CVE-2021-28957 | Medium |
Moment.js | Upgraded to 2.29.4 | CVE-2022-24785 | High |
Moment.js | Upgraded to 2.29.4 | CVE-2022-31129 | High |
Node.js | Applied patch | CVE-2022-32212 | High |
Python 3.7 | Applied patch | CVE-2015-20107 | Informational |
Libxml2 | Applied patch | CVE-2021-3517 | High |
Libxml2 | Applied patch | CVE-2021-3537 | Medium |
Libxml2 | Applied patch | CVE-2021-3518 | High |
CVE-2021-21419 and CVE-2021-28957 do not affect Splunk Cloud Platform or Splunk Enterprise 9.0.
Solution
For Splunk Enterprise, upgrade to 8.1.13, 8.2.10, 9.0.4, or higher (the fix versions listed under Product Status below).
For Splunk Cloud Platform versions below 9.0.2209, Splunk is actively patching and monitoring the Splunk Cloud instances.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 8.1 | - | 8.1.12 and lower | 8.1.13 |
Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.9 | 8.2.10 |
Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.3 | 9.0.4 |
Splunk Cloud Platform | - | - | 9.0.2209 and lower | 9.0.2209.3 |
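The Product Status table above is the part of this advisory an operator acts on. The following is an added example, not Splunk's code or tooling: it turns the table's "Affected Version" ranges into a version check for Splunk Enterprise, parses the output of `splunk version` (the `Splunk X.Y.Z (build ...)` line format is assumed here), and reports whether the `mailcap.py` file named under CVE-2015-20107 below is still present under a given SPLUNK_HOME. The Cloud Platform row is deliberately not encoded, since Splunk patches those instances itself.

```python
"""Check a Splunk Enterprise version against the SVD-2023-0215 Product Status table.

Added example for this advisory; not Splunk's own code. The ranges below are
transcribed from the advisory's Product Status table.
"""
import os
import re
from typing import Dict, Optional, Tuple

# (train, lowest affected, highest affected, fix version), per the advisory table:
#   8.1: 8.1.12 and lower -> 8.1.13
#   8.2: 8.2.0 to 8.2.9   -> 8.2.10
#   9.0: 9.0.0 to 9.0.3   -> 9.0.4
AFFECTED_RANGES = [
    ((8, 1), (8, 1, 0), (8, 1, 12), (8, 1, 13)),
    ((8, 2), (8, 2, 0), (8, 2, 9), (8, 2, 10)),
    ((9, 0), (9, 0, 0), (9, 0, 3), (9, 0, 4)),
]

# Assumed format of `splunk version` output, e.g. "Splunk 9.0.3 (build 1234abcd)".
_CLI_RE = re.compile(r"Splunk\s+(\d+(?:\.\d+)+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'X.Y.Z' (or longer) into a numeric 3-tuple; compare numerically, not lexically."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    # Extra components (e.g. a build or maintenance suffix) do not move a
    # release out of its listed range, so only the first three are compared.
    return tuple(int(p) for p in parts[:3])  # type: ignore[return-value]


def version_from_cli_output(output: str) -> Optional[str]:
    """Extract the version from `splunk version` output; None if the line is not recognised."""
    m = _CLI_RE.search(output)
    return m.group(1) if m else None


def check_enterprise(version: str) -> Dict[str, Optional[str]]:
    """Classify a Splunk Enterprise version as affected, fixed, or not listed in this advisory."""
    v = parse_version(version)
    for train, lo, hi, fix in AFFECTED_RANGES:
        if v[:2] == train:
            fix_str = ".".join(str(x) for x in fix)
            status = "affected" if lo <= v <= hi else "fixed"
            return {"status": status, "fix": fix_str}
    # Trains the advisory does not mention (e.g. 8.0, 9.1) are reported as such,
    # not as "not affected": the table makes no statement about them.
    return {"status": "unlisted", "fix": None}


def mailcap_present(splunk_home: str) -> bool:
    """True if the file named in the CVE-2015-20107 workaround still exists.

    Path joined exactly as the advisory writes it (SPLUNK_HOME/splunk/lib/python3.7/mailcap.py).
    Presence means the file was either left alone or patched in place; absence means it was deleted.
    """
    return os.path.isfile(os.path.join(splunk_home, "splunk", "lib", "python3.7", "mailcap.py"))


if __name__ == "__main__":
    # Constructed sample of `splunk version` output, not captured from a real host.
    sample_cli = "Splunk 9.0.3 (build 1234abcd5678)\n"
    ver = version_from_cli_output(sample_cli)
    print(ver, check_enterprise(ver or "0.0.0"))
    print("mailcap.py present:", mailcap_present(os.environ.get("SPLUNK_HOME", "/opt/splunk")))
```

Run it on a host with `$SPLUNK_HOME/bin/splunk version | python3 check.py`-style piping adapted to your environment, or call `check_enterprise()` from an inventory script; an "unlisted" result means the advisory makes no claim about that train, so consult it directly rather than treating the host as clean.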
Severity
CVE-2021-21419
Splunk Enterprise and Splunk Cloud Platform do not use the vulnerable code. However, out of an abundance of caution, Splunk upgraded the version of Python 2.7 to 2.7.18.4 in Splunk Enterprise versions 8.1 and 8.2.
CVE-2021-28957
Splunk adopted the national vulnerability database (NVD) CVSS rating of Medium, 6.1 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
CVE-2022-24785
Splunk adopted the NVD CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
CVE-2022-31129
Splunk adopted the NVD CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
CVE-2022-32212
Splunk adopted the NVD CVSS rating of High, 8.1 with a vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
CVE-2015-20107
Splunk Enterprise and Splunk Cloud Platform do not use the vulnerable mailcap.py. However, out of an abundance of caution, Splunk patched this file. As an alternative to updating, delete or patch the vulnerable file at SPLUNK_HOME/splunk/lib/python3.7/mailcap.py.
CVE-2021-3517
Splunk adopted the NVD CVSS rating of High, 8.6 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.
CVE-2021-3537
Splunk adopted the NVD CVSS rating of Medium, 5.9 with a vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
CVE-2021-3518
Splunk adopted the NVD CVSS rating of High, 8.8 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.