Third-Party Package Updates in Splunk DB Connect - July 2025

Advisory ID: SVD-2025-0701

CVE ID:  Multiple

Published: 2025-07-07

Last Update: 2025-07-07

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk DB Connect version 4.0 including the following:

PackageRemediationCVESeverity
bcprov-jdk15onUpgraded to 1.7.9CVE-2024-29857Medium
pyopenSSLUpgraded to 24.2.1CVE-2023-5363High
dompurifyUpgraded to 2.5.4CVE-2024-45801, CVE-2024-47875High
requirejsUpgraded to 2.3.7CVE-2024-38999High
mysql-connector-pythonUpgraded to 9.1.0CVE-2024-21272, CVE-2024-21090High

Solution

Upgrade Splunk DB Connect to versions 4.0, or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk DB Connect4.0Below 4.0.04.0.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.