November 2023 Splunk Universal Forwarder Third-Party Updates

Advisory ID: SVD-2023-1107

CVE ID:  Multiple

Published: 2023-11-16

Last Update: 2023-12-18


Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the following:

opensslUpgraded to 1.0.2ziCVE-2023-3817Low
opensslUpgraded to 1.0.2ziCVE-2023-3446Low


For Splunk Universal Forwarder, upgrade versions to 9.0.7 or 9.1.2.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Universal Forwarder9.0-9.0.0 to
Splunk Universal Forwarder9.1-9.1.0 to


For the CVEs in this list, Splunk adopted the vendor’s severity.


  • 2023-12-18: Removed Python (CVE-2023-24329) and bottle (CVE-2022-31799) as neither are included in the Splunk Universal Forwarder product

  • 2023-11-20: Corrected the product in the Product Status table from Splunk Enterprise to Splunk Universal Forwarder