Third Party Package Updates in IT Service Intelligence (ITSI)

Advisory ID: SVD-2023-0811

CVE ID:  CVE-2023-2976 

Published: 2023-08-30

Last Update: 2023-08-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk IT Service Intelligence (ITSI), including the following:

CVEPackageRemediationSeverity
CVE-2023-2976guavaUpgraded to 32.0.0High

Solution

For Splunk IT Service Intelligence (ITSI), upgrade versions to 4.13.3 or 4.15.3

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk ITSI4.15-4.15.0 to 4.15.24.15.3
Splunk ITSI4.13-4.13.0 to 4.13.24.13.3

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.