Splunk / Product Security / SVD-2022-0804

August Third Party Package updates in Splunk Enterprise and Universal Forwarders

Advisory ID: SVD-2022-0804

Published: 2022-08-16


Last Update: 2022-08-16

Description

Splunk Enterprise and Universal Forwarders remedied multiple CVEs in Third Party Packages in versions 8.1.11, 8.2.7.1, and 9.0.1 and Splunk Cloud Platform with version 9.0.2205, including the following:

CVEPackageRemediationSeverity
CVE-2022-2068OpenSSL 1.0.2Upgraded to OpenSSL 1.0.2zfInformational
CVE-2021-3541libxml2Applied patchMedium
CVE-2022-29824libxml2Applied patchMedium
CVE-2022-23308libxml2Applied patchMedium


Solution

For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 8.2.7.1, 9.0.1, or higher.

For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.


Product Status

ProductVersionAffected VersionFixed Version
Universal Forwarders8.18.1.10 and lower8.1.11
Universal Forwarders8.28.2.0 to 8.2.78.2.7.1
Universal Forwarders9.09.0.09.0.1
Splunk Enterprise8.18.1.10 and lower8.1.11
Splunk Enterprise8.28.2.0 to 8.2.78.2.7.1
Splunk Enterprise9.09.0.09.0.1
Splunk Cloud Platform
8.2.2203.4 and lower9.0.2205


Severity

CVE-2022-2068

Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.

CVE-2021-3541

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-209824

Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

CVE-2022-23308

Splunk adopted a severity in line with NVD’s scoring of CVE-2022-209824 and CVE-2021-3541. Splunk rates CVE-2022-233089 as 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.


Changelog

2022-09-09: Changed version updated to OpenSSL 1.0.2zf from OpenSSL 1.0.2ze