Third-Party Package Updates in Splunk AppDynamics Database Agent - March 2026

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Database Agent version 26.1.0, and higher, including the following:

₁ Upgraded openjdk from version 17.0.16 to version 17.0.18 to remedy CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-53066, CVE-2025-53057, and CVE-2025-30754.

₂ Upgraded msal4j from version 1.10.1 to version 1.23.1, which removed the transitive dependency jackson-databind to remedy CVE-2022-42003, CVE-2022-42004, CVE-2021-46877, and CVE-2020-36518.

₃ Upgraded commons-logging from version 1.2 to version 1.3.5, which updated the transitive dependency log4j to the fixed version 2.24.3 to remedy CVE-2022-23307, CVE-2019-17571, CVE-2023-26464, CVE-2022-23305, and CVE-2022-23302.

₄ Upgraded oauth2-oidc-sdk from version 9.20 to 11.30.1, which updated the transitive Bouncy Castle dependencies to version 1.83 to remediate CVE-2025-8916, CVE-2024-30171, CVE-2024-29857, CVE-2023-33201, and CVE-2023-33202, and updated the transitive nimbus-jose-jwt dependencies to version 10.8 to remediate CVE-2023-52428 and CVE-2025-53864.

Solution

Upgrade Splunk AppDynamics Database Agent to versions 26.1.0 or higher.

Product Status

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.