November 2023 Third Party Package updates in Splunk Enterprise

Advisory ID: SVD-2023-1105

CVE ID:  Multiple

Published: 2023-11-16

Last Update: 2023-11-16


Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the following:

protobufUpgraded to 3.15.8CVE-2021-22570
bottleUpgraded to 0.12.25CVE-2022-31799
pythonUpgraded to 3.7.17CVE-2023-24329
opensslUpgraded to 1.0.2ziCVE-2023-3817
opensslUpgraded to 1.0.2ziCVE-2023-3446


For Splunk Enterprise, upgrade versions to 9.0.7 or 9.1.2.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise9.0Splunk Web9.0.0 to
Splunk Enterprise9.1Splunk Web9.1.0 to


For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.