Third Party Package Updates in IT Service Intelligence (ITSI)
Advisory ID: SVD-2023-0811
CVE ID: Multiple
Published: 2023-08-30
Last Update: 2023-08-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk IT Service Intelligence (ITSI), including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| guava | Upgraded to 32.0.0 | CVE-2023-2976 | High |
Solution
For Splunk IT Service Intelligence (ITSI), upgrade versions to 4.13.3 or 4.15.3
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk ITSI | 4.15 | 4.15.0 to 4.15.2 | 4.15.3 |
| Splunk ITSI | 4.13 | 4.13.0 to 4.13.2 | 4.13.3 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.