June Third Party Package Updates in Splunk Cloud
Advisory ID: SVD-2023-0615
CVE ID: Multiple
Published: 2023-06-01
Last Update: 2023-06-01
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Cloud, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| libxml2 | Patched | CVE-2022-40303 | High |
| libxml2 | Patched | CVE-2022-40304 | High |
| certifi | Upgraded to 2022.12.7 | CVE-2022-23491 | High |
| python3 | Upgraded to 3.7.16 | CVE-2022-43680 | High |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2023-0286 | High |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2023-0215 | High |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2022-4304 | Medium |
| got | Upgraded to 12.5.3 | CVE-2022-33987 | Medium |
Solution
For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.
Product Status
| Product | Affected Version | Fix Version |
|---|---|---|
| Splunk Cloud | 9.0.2303 and lower | 9.0.2303.100 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.