Advisory ID: SVD-2022-1113
Last Update: 2022-11-02
Splunk Enterprise remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.12, 8.2.9, and 9.0.2, Splunk Cloud Platform version 9.0.2209, including the following:
|CVE-2020-36518||jackson-databind||Upgraded to 188.8.131.52||High|
For Splunk Enterprise, upgrade versions to 8.1.12, 8.2.9, 9.0.2, or higher.
For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.
|Product||Version||Affected Version||Fixed Version|
|Splunk Enterprise||8.1||8.1.11 and lower||8.1.12|
|Splunk Enterprise||8.2||8.2.0 to 8.2.8||8.2.9|
|Splunk Enterprise||9.0||9.0.0 to 9.0.1||9.0.2|
|Splunk Cloud Platform||9.0.2208 and lower||9.0.2209|
Splunk adopted NVD’s CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.