Third-Party Package Updates in Splunk Infrastructure Monitoring Add-on - March 2025
Advisory ID: SVD-2025-0312
CVE ID: CVE-2024-39338
Published: 2025-03-26
Last Update: 2025-03-26
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Infrastructure Monitoring Add-on version 1.2.7, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| axios1 | Upgraded to 1.7.4 | CVE-2024-39338 | High |
1 Upgraded axios to 1.7.4 to remedy CVE-2024-39338
Solution
Upgrade Splunk Infrastructure Monitoring Add-on to versions 1.2.7, or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Infrastructure Monitoring Add-on | 1.2.7 | Below 1.2.7 | 1.2.7 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.