Third-Party Package Updates in Splunk Add-on for JBoss - January 2025
Advisory ID: SVD-2025-0102
CVE ID: Multiple
Published: 2025-01-07
Last Update: 2025-01-07
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for JBoss versions 3.1.1 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| org.jboss.xnio:xnio-nio | Upgraded to 3.8.16 | CVE-2020-14340 | Medium |
| org.jboss.xnio:xnio-api | Upgraded to 3.8.16 | CVE-2023-5685 | High |
| org.jboss.remoting:jboss-remoting | Upgraded to 5.0.29 | CVE-2020-35510 | Medium |
Solution
Upgrade Splunk Add-on for JBoss to version 3.1.1 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for JBoss | Below 3.1.1 | 3.1.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.