Third Party Package Updates in IT Service Intelligence (ITSI)
Advisory ID: SVD-2023-0811
CVE ID: CVE-2023-2976
Published: 2023-08-30
Last Update: 2023-08-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk IT Service Intelligence (ITSI), including the following:
| CVE | Package | Remediation | Severity |
|---|---|---|---|
| CVE-2023-2976 | guava | Upgraded to 32.0.0 | High |
Solution
For Splunk IT Service Intelligence (ITSI), upgrade versions to 4.13.3 or 4.15.3
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk ITSI | 4.15 | - | 4.15.0 to 4.15.2 | 4.15.3 |
| Splunk ITSI | 4.13 | - | 4.13.0 to 4.13.2 | 4.13.3 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.