Third-Party Package Updates in Splunk Add-on for Microsoft Cloud Services - March 2025
Advisory ID: SVD-2025-0311
CVE ID: Multiple
Published: 2025-03-26
Last Update: 2025-03-26
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Microsoft Cloud Services versions 5.4.3 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| cryptography | Upgraded to 43.0.1 | CVE-2024-4603, CVE-2024-2511 | Medium |
Solution
Upgrade Splunk Add-on for Microsoft Cloud Services version 5.4.3 and higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Microsoft Cloud Services | 5.4 | Below 5.4.4 | 5.4.3 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.