August Third Party Package updates in Splunk Enterprise and Universal Forwarders
Advisory ID: SVD-2022-0804
Last Update: 2022-08-16
Splunk Enterprise and Universal Forwarders remedied multiple CVEs in Third Party Packages in versions 8.1.11, 22.214.171.124, and 9.0.1 and Splunk Cloud Platform with version 9.0.2205, including the following:
|CVE-2022-2068||OpenSSL 1.0.2||Upgraded to OpenSSL 1.0.2zf||Informational|
For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 126.96.36.199, 9.0.1, or higher.
For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
|Product||Version||Affected Version||Fixed Version|
|Universal Forwarders||8.1||8.1.10 and lower||8.1.11|
|Universal Forwarders||8.2||8.2.0 to 8.2.7||188.8.131.52|
|Splunk Enterprise||8.1||8.1.10 and lower||8.1.11|
|Splunk Enterprise||8.2||8.2.0 to 8.2.7||184.108.40.206|
|Splunk Cloud Platform||8.2.2203.4 and lower||9.0.2205|
Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.
Splunk adopted a severity in line with NVD’s scoring of CVE-2022-209824 and CVE-2021-3541. Splunk rates CVE-2022-233089 as 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
2022-09-09: Changed version updated to OpenSSL 1.0.2zf from OpenSSL 1.0.2ze