Skip to main content

SPLUNK / PRODUCT SECURITY / SVD-2022-1114

Splunk’s response to OpenSSL’s CVE-2022-3602 and CVE-2022-3786

Advisory ID: SVD-2022-1114

Published: 2022-11-01

CVE ID: CVE-2022-3602, CVE-2022-3786

Last Update: 2022-11-01

Description

OpenSSL released two High vulnerabilities, CVE-2022-3602 and CVE-2022-3786, impacting OpenSSL 3.0 on Nov 1. For more information, see OpenSSL’s advisory. Splunk products and services are not impacted by CVE-2022-3602 or CVE-2022-3786. If OpenSSL 3.0 is present in your environment’s local operating system, we recommend updating per OpenSSL’s advisory.

Product Status

ProductVersionAffected VersionFixed Version
Splunk Enterprise
Not affectedNA
Universal Forwarders
Not affectedNA
Splunk Cloud Platform
Not affectedNA
Splunk Observatibility Platform
Not affectedNA
SOAR Cloud
Not affectedNA
SOAR
Not affectedNA
Splunk Automation Broker
Not affectedNA
Enterprise Security
Not affectedNA
Splunk Security Essentials
Not affectedNA
IT Service Intelligence
Not affectedNA
Splunk UBA
Not affectedNA
Data Stream Processor
Not affectedNA
Splunk Addon for Active Directory
Not affectedNA
Splunk Addon for Add-on for Infrastructure
Not affectedNA
Splunk Addon for Add-on for Microsoft Exchange
Not affectedNA
Splunk Addon for Add-on for VMware
Not affectedNA
Splunk Addon for Amazon Kinesis Firehose
Not affectedNA
Splunk Addon for Amazon Web Services
Not affectedNA
Splunk Addon for Apache Web Server
Not affectedNA
Splunk Addon for Bit9 Carbon Black
Not affectedNA
Splunk Addon for Blue Coat ProxySG
Not affectedNA
Splunk Addon for BMC Remedy
Not affectedNA
Splunk Addon for Box
Not affectedNA
Splunk Addon for Bromium
Not affectedNA
Splunk Addon for Check Point OPSEC LEA
Not affectedNA
Splunk Addon for Cisco ASA
Not affectedNA
Splunk Addon for Cisco ESA
Not affectedNA
Splunk Addon for Cisco FireSIGHT
Not affectedNA
Splunk Addon for Cisco Identity Services
Not affectedNA
Splunk Addon for Cisco UCS
Not affectedNA
Splunk Addon for Citrix NetScaler
Not affectedNA
Splunk Addon for CyberArk
Not affectedNA
Splunk Addon for F5 BIG-IP
Not affectedNA
Splunk Addon for Forcepoint Web Security
Not affectedNA
Splunk Addon for Google Cloud Platform
Not affectedNA
Splunk Addon for HAProxy
Not affectedNA
Splunk Addon for IBM WebSphere Application Server
Not affectedNA
Splunk Addon for Imperva SecureSphere WAF
Not affectedNA
Splunk Addon for Infoblox
Not affectedNA
Splunk Addon for ISC BIND
Not affectedNA
Splunk Addon for ISC DHCP
Not affectedNA
Splunk Addon for Java Management Extensions
Not affectedNA
Splunk Addon for JBoss
Not affectedNA
Splunk Addon for Juniper
Not affectedNA
Splunk Addon for Kafka
Not affectedNA
Splunk Addon for Linux
Not affectedNA
Splunk Addon for McAfee
Not affectedNA
Splunk Addon for McAfee Web Gateway
Not affectedNA
Splunk Addon for Microsoft Cloud Services
Not affectedNA
Splunk Addon for Microsoft Hyper-V
Not affectedNA
Splunk Addon for Microsoft IIS
Not affectedNA
Splunk Addon for Microsoft Office 365
Not affectedNA
Splunk Addon for Microsoft SQL Server
Not affectedNA
Splunk Addon for Microsoft Windows
Not affectedNA
Splunk Addon for MySQL
Not affectedNA
Splunk Addon for Nagios Core
Not affectedNA
Splunk Addon for NGINX
Not affectedNA
Splunk Addon for OPC
Not affectedNA
Splunk Addon for Oracle Database
Not affectedNA
Splunk Addon for OSSEC
Not affectedNA
Splunk Addon for RSA DLP
Not affectedNA
Splunk Addon for RSA SecurID
Not affectedNA
Splunk Addon for Salesforce
Not affectedNA
Splunk Addon for ServiceNow
Not affectedNA
Splunk Addon for Sophos
Not affectedNA
Splunk Addon for Squid Proxy
Not affectedNA
Splunk Addon for Stream Addon for Wire Data
Not affectedNA
Splunk Addon for Symantec DLP
Not affectedNA
Splunk Addon for Symantec Endpoint Protection
Not affectedNA
Splunk Addon for Tomcat
Not affectedNA
Splunk Addon for Unix and Linux
Not affectedNA
Splunk Addon for Websense DLP
Not affectedNA
Splunk Addon for Zeek
Not affectedNA
Splunk App for AWS
Not affectedNA
Splunk App for Common Information Model (CIM)
Not affectedNA
Splunk App for DB Connect
Not affectedNA
Splunk App for DB Connect - Older Unsupported versions
Not affectedNA
Splunk App for Info Sec
Not affectedNA
Splunk App for InfoSec App for Splunk
Not affectedNA
Splunk App for Infrastructure
Not affectedNA
Splunk App for IT Essentials Learn
Not affectedNA
Splunk App for IT Essentials Work
Not affectedNA
Splunk App for Machine Learning Toolkit (MLTK) and Python for Scientific Computing (PSC)
Not affectedNA
Splunk App for Microsoft Exchange
Not affectedNA
Splunk App for NetApp Data ONTAP
Not affectedNA
Splunk App for PCI Compliance
Not affectedNA
Splunk App for Security Essentials
Not affectedNA
Splunk App for Splunk Product Guidance
Not affectedNA
Splunk App for Stream
Not affectedNA
Splunk App for Unix and Linux
Not affectedNA
Splunk App for VMware
Not affectedNA
Splunk App for Windows
Not affectedNA
Splunk App for Windows Infrastructure
Not affectedNA
Splunk Add-on Builder
Not affectedNA
Splunk AppInspect
Not affectedNA
Splunk SDKs
Not affectedNA
Splunk Logging Library for Java
Not affectedNA
Security Analytics for AWS
Not affectedNA
Splunk Add-on for VMware Metrics
Not affectedNA
Splunk App for Content Packs
Not affectedNA
Splunk App for Infrastructure (SAI)
Not affectedNA
Splunk App for Mint
Not affectedNA
Splunk Application Performance Monitoring
Not affectedNA
Splunk Assist
Not affectedNA
Splunk Augmented Reality
Not affectedNA
Splunk Cloud Data Manager (SCDM)
Not affectedNA
Splunk Cloud Developer Edition
Not affectedNA
Splunk Connect for Kafka
Not affectedNA
Splunk Connect for Kubernetes
Not affectedNA
Splunk Connect for Kubernetes-OpenTelemetry
Not affectedNA
Splunk Connect for SNMP
Not affectedNA
Splunk Connect for Syslog
Not affectedNA
Splunk DB TA LAR
Not affectedNA
Splunk Edge Hub
Not affectedNA
Splunk Enterprise Amazon Machine Image (AMI)
Not affectedNA
Splunk Enterprise Docker Container
Not affectedNA
Splunk Infrastructure Monitoring
Not affectedNA
Splunk Log Observer
Not affectedNA
Splunk Mint Android SDK
Not affectedNA
Splunk Mint IOS SDK
Not affectedNA
Splunk Mint Management console
Not affectedNA
Splunk Mobile
Not affectedNA
Splunk Network Performance Monitoring
Not affectedNA
Splunk On-Call/Victor Ops/SSA
Not affectedNA
Splunk OVA for VMware
Not affectedNA
Splunk OVA for VMWare Metrics
Not affectedNA
Splunk Profiling
Not affectedNA
Splunk Real User Monitoring
Not affectedNA
Splunk Secure Gateway
Not affectedNA
Behavioral Analytics
Not affectedNA
Splunk Stream Forwarder
Not affectedNA
Splunk Synthetics
Not affectedNA
Splunk TV
Not affectedNA
Splunk UBA OVA Software
Not affectedNA
Splunk VMWare OVA for ITSI
Not affectedNA

If a Splunk Supported product or service is not listed above, the product or service is not affected by CVE-2022-3602 or CVE-2022-3786.

Mitigations and Workarounds

None

Detections

None

Severity

NA

Questions? Submit your question to Splunk Support.