Splunk User Behavior Analytics (UBA) Third-Party Package Updates

Advisory ID: SVD-2024-0104

CVE ID:  Multiple

Published: 2024-01-09

Last Update: 2024-01-09


Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics (UBA) versions 5.3.0 and 5.2.1, including the following:

socket.io-parserUpgraded to 4.6.2CVE-2023-32695High
protobufUpgraded to 3.21.12CVE-2015-5237High
protobufUpgraded to 3.21.12CVE-2022-3171High
protobufUpgraded to 3.21.12CVE-2022-3509High
protobufUpgraded to 3.21.12CVE-2022-3510High
GuavaUpgraded to 32.0.1CVE-2023-2976High


Upgrade Splunk User Behavior Analytics (UBA) to version 5.3.0, 5.2.1, or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk User Behavior Analytics (UBA)--Below
Splunk User Behavior Analytics (UBA)--Below


For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.