
November Third Party Package updates in Splunk Enterprise

Advisory ID: SVD-2022-1113

Published: 2022-11-02


Last Update: 2022-11-02

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Enterprise versions 8.1.12, 8.2.9, and 9.0.2, and in Splunk Cloud Platform version 9.0.2209, including the following:

| CVE | Package | Remediation | Severity |
|---|---|---|---|
| CVE-2020-36518 | jackson-databind | Upgraded to 2.13.2.1 | High |


Solution

For Splunk Enterprise, upgrade to version 8.1.12, 8.2.9, 9.0.2, or higher.


For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.

Product Status

| Product | Version | Affected Version | Fixed Version |
|---|---|---|---|
| Splunk Enterprise | 8.1 | 8.1.11 and lower | 8.1.12 |
| Splunk Enterprise | 8.2 | 8.2.0 to 8.2.8 | 8.2.9 |
| Splunk Enterprise | 9.0 | 9.0.0 to 9.0.1 | 9.0.2 |
| Splunk Cloud Platform | | 9.0.2208 and lower | 9.0.2209 |


Severity

CVE-2020-36518

Splunk adopted NVD’s CVSS rating of High, 7.5 with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Questions? Submit your question to Splunk Support.