- Can Splunk provide more details or an exploit for a CVE/SVD?
Splunk does not provide additional information about the specifics of vulnerabilities beyond what it discloses in a Security Advisory. Splunk does not distribute active exploit code for vulnerabilities.
- I require additional information or have questions not answered in the advisories. Where can I go?
Customers who require additional information that a Security Advisory does not address can visit the Support Portal and submit a New Case.
- When does Splunk publish an advisory?
Splunk targets publishing security advisories several weeks after it releases security mitigations/remediations to possibly impacted customers. For critical matters, Splunk targets publishing security advisories shortly after it mitigates or remediates the issue for possibly impacted customers.
- How can I get information about security vulnerabilities in Splunk products and services?
The Splunk Security Advisory site is the authoritative source for information on Splunk Security Advisories.
- How can I get information about the support policy for Splunk products?
Splunk provides security advisories for supported products. See Splunk Support Policy for more information.
- Do I need to sign up anywhere to get access to Splunk security advisories?
No. Security advisories are available by accessing the Splunk Security Advisory site. If you use a Really Simple Syndication (RSS) reader, you can subscribe to the RSS feed to get updates as soon as Splunk publishes or updates a security advisory.
- Do I need to be logged into my splunk.com account to see information about security advisories?
No. All security advisories that Splunk has released appear on the Splunk Security Advisory site.
- Which Splunk products do the security advisories apply to?
Refer to a specific security advisory for information on the product to which a security advisory applies. The “Product Status” section of each security advisory explicitly lists which products and versions are affected by the vulnerabilities that appear in the security advisory.
- How do I know which version of a Splunk product fixes a vulnerability that Splunk has disclosed?
Refer to a specific security advisory for information on which versions include a fix for a vulnerability in the product. The “Fix Version” column in the “Product Status” table in the advisory shows the minimum version to which you must upgrade.
- What can I do to detect the potential exploitation of a vulnerability in my own environment?
Splunk makes detections available through the Splunk Enterprise Security (ES) Content Updates (ESCU) application to help customers detect the potential exploitation of these vulnerabilities in their environments. If you have ES, you can get ESCU update notices, but you will need to enable detections on your Splunk Cloud service or Splunk on-premises deployment for these notifications. If you don’t have ES, visit research.splunk.com to obtain detection logic, if available.
- Will Splunk ever update an advisory after it has been published?
If there is new material information about a security advisory that warrants an update, Splunk will update the security advisory with the new information.
- I found a potential security issue in a Splunk product. Where can I report it?
If you believe you have discovered a security issue in a Splunk product, visit the Splunk Vulnerability Disclosure Program site for steps on how to submit a finding.
- Some Splunk third-party advisories mention “Multiple” as the Common Vulnerabilities and Exposures (CVE) identifier in the package upgrade. What does “Multiple” mean?
In the context of third-party advisories, “Multiple” means that Splunk resolved multiple CVEs by upgrading the specific package. For more information on which CVEs were resolved, read vendor announcements for the specific package.
- I'm on a vulnerable version of Splunk Enterprise. Can I upgrade straight to the advisory release?
See the official Splunk documentation for instructions on how to upgrade and available upgrade paths.
- When will Splunk upgrade my Splunk Cloud Platform deployment and enable the fixes?
Because of the complexity and potential impact of fully remedying a deployment, rollout requires careful planning and coordination to prevent customer disruption. You will receive a notification from Splunk about scheduling your update. Each advisory also lists any applicable interim mitigations that customers may apply.
- How can I tell what new Splunk products are compatible with existing products?
See the Splunk products version compatibility matrix to understand compatibility for new and existing Splunk products.
- Do the vulnerabilities apply to unsupported versions of Splunk products?
Splunk has not tested or verified the impact of vulnerabilities on versions it does not currently support. Review the Splunk Support Policy for currently supported versions.
- I can’t upgrade my Splunk deployment right now. How can I mitigate a vulnerability in my environment?
Refer to the individual security advisories on the Splunk Security Advisories site for any applicable mitigations. Mitigations are a stopgap measure to reduce your environment's exposure until you can upgrade, so refrain from using them long-term.