Third-Party Package Updates in Splunk Infrastructure Monitoring Add-on - March 2025

Advisory ID: SVD-2025-0312

CVE ID: CVE-2024-39338

Published: 2025-03-26

Last Update: 2025-03-26

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Infrastructure Monitoring Add-on version 1.2.7, including the following:

PackageRemediationCVESeverity
axiosUpgraded to 1.7.4CVE-2024-39338High

Solution

Upgrade Splunk Infrastructure Monitoring Add-on to versions 1.2.7, or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Infrastructure Monitoring Add-on1.2.7Below 1.2.71.2.7

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.