June Third Party Package Updates in Splunk Cloud

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Cloud, including the following:

CVEPackageRemediationSeverity
CVE-2022-40303libxml2PatchedHigh
CVE-2022-40304libxml2PatchedHigh
CVE-2022-23491certifiUpgraded to 2022.12.7High
CVE-2022-43680python3Upgraded to 3.7.16High
CVE-2023-0286OpenSSL 1.0.2Upgraded to 1.0.2zgHigh
CVE-2023-0215OpenSSL 1.0.2Upgraded to 1.0.2zgHigh
CVE-2022-4304OpenSSL 1.0.2Upgraded to 1.0.2zgMedium
CVE-2022-33987gotUpgraded to 12.5.3Medium

Solution

For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Cloud-9.0.2303 and lower9.0.2303.100

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.