Third-Party Package Updates in FireAMP App - April 2025

Advisory ID: SVD-2025-0404

CVE ID:  Multiple

Published: 2025-04-09

Last Update: 2025-04-09

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in FireAMP version 2.1.13 and higher, including the following:

PackageRemediationCVESeverity
certifi1Package RemovedCVE-2022-23491High
urllib32Package RemovedCVE-2023-43804High

1 FireAMP removed the wheels folder which contains certifi package to remedy CVE-2022-23491

2 FireAMP removed the wheels folder which contains urllib3 package to remedy CVE-2023-43804

Solution

Upgrade FireAMP to version 2.1.13 or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
FireAMP2.1.13Below 2.1.132.1.13

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.