Third-Party Package Updates in Symantec Data Loss Prevention App - April 2025
Advisory ID: SVD-2025-0408
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Symantec Data Loss Prevention App version 2.2.1 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| certifi1 | Package Removed | CVE-2022-23491 | High |
| urllib32 | Package Removed | CVE-2023-43804 | High |
| libxml23 | Upgraded to 2.12.9 | Multiple | High |
| zlib4 | Upgraded to 1.3.1 | CVE-2022-37434 | Critical |
| libxslt5 | Upgraded to 1.1.42 | CVE-2021-30560 | Critical |
| lxml6 | Upgraded to 5.3.0 | CVE-2022-2309 | High |
1 Symantec Data Loss Prevention removed the certifi in symantecdlp/wheels/shared folder to remedy CVE-2022-23491
2 Symantec Data Loss Prevention removed the urllib3 in symantecdlp/wheels/shared folder to remedy CVE-2023-43804
3 Symantec Data Loss Prevention upgraded libxml2 in symantecdlp/wheels folder to remedy multiple CVE’s
4 Symantec Data Loss Prevention upgraded zlib in symantecdlp/wheels folder to remedy CVE-2022-37434
5 Symantec Data Loss Prevention upgraded libxslt in symantecdlp/wheels folder to remedy CVE-2021-30560
6 Symantec Data Loss Prevention upgraded lxml in symantecdlp/wheels folder to remedy CVE-2022-2309
Solution
Upgrade Symantec Data Loss Prevention to version 2.2.1 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Symantec Data Loss Prevention | 2.2.1 | Below 2.2.1 | 2.2.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.