Third Party Package Update in Splunk Add-on for Amazon Web Services
Advisory ID: SVD-2023-1101
CVE ID: CVE-2023-37920
Published: 2023-11-16
Last Update: 2023-11-16
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 7.2.0 of Splunk Add-on for Amazon Web Services, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| certifi | Upgraded to 2023.7.22 | CVE-2023-37920 | Critical |
Solution
Upgrade the Splunk Add-on for Amazon Web Services to version 7.2.0 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Amazon Web Services | - | - | Below 7.2.0 | 7.2.0 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.