Third-Party Package Updates in Splunk Add-on for Office 365 - October 2024
Advisory ID: SVD-2024-1013
CVE ID: Multiple
Published: 2024-10-17
Last Update: 2024-10-17
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Office 365 versions 4.5.2 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| idna | Upgraded to 3.7 | CVE-2024-3651 | High |
| urllib3 | Upgraded to 1.26.19 | CVE-2024-37891 | Medium |
| certifi | Upgraded to 2024.7.4 | CVE-2024-39689 | High |
| requests | Upgraded to 2.31.0 | CVE-2023-32681 | Medium |
Solution
Upgrade Splunk Add-on for Office 365 versions 4.5.2 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Office 365 | 4.5.2 | Below 4.5.2 | 4.5.2 |
Severity
For the CVEs in this list, Splunk adopted one of the following ratings:
- Where applicable, the severity rating that the vendor published, or
- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.