June Third Party Package Updates in Splunk Cloud

Advisory ID: SVD-2023-0615

CVE ID:  Multiple

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Cloud, including the following:

PackageRemediationCVESeverity
libxml2PatchedCVE-2022-40303High
libxml2PatchedCVE-2022-40304High
certifiUpgraded to 2022.12.7CVE-2022-23491High
python3Upgraded to 3.7.16CVE-2022-43680High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2023-0286High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2023-0215High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2022-4304Medium
gotUpgraded to 12.5.3CVE-2022-33987Medium

Solution

For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.

Product Status

ProductAffected VersionFix Version
Splunk Cloud9.0.2303 and lower9.0.2303.100

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.