November 2023 Splunk Universal Forwarder Third-Party Updates
Advisory ID: SVD-2023-1107
CVE ID: Multiple
Last Update: 2023-11-20
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the following:
|bottle||Upgraded to 0.12.25||CVE-2022-31799|
|python||Upgraded to 3.7.17||CVE-2023-24329|
|openssl||Upgraded to 1.0.2zi||CVE-2023-3817|
|openssl||Upgraded to 1.0.2zi||CVE-2023-3446|
For Splunk Universal Forwarder, upgrade versions to 9.0.7 or 9.1.2.
|Product||Version||Component||Affected Version||Fix Version|
|Splunk Universal Forwarder||9.0||-||9.0.0 to 9.0.6||9.0.7|
|Splunk Universal Forwarder||9.1||-||9.1.0 to 9.1.1||9.1.2|
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.
- 2023-11-20: Corrected the product in the Product Status table from Splunk Enterprise to Splunk Universal Forwarder