Splunk releases patches for multiple issues in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA)
Take action: This is not a panic mode patch. While there is a critical issue, it's within a third party library so it requires some effort on the part of attackers. Nevertheless, since Splunk is part of the security toolkit, it's best to lead by example - patch your Splunk product soon.
Learn More
Splunk Enterprise Security and Splunk User Behavior Analytics (UBA) were found to have several vulnerabilities stemming from multiple third-party packages. Splunk has promptly addressed these issues with necessary patches, with the vulnerabilities varying in severity from high (7.1) to critical (9.8).
The vulnerabilities are:
- CVE-2022-37601 (CVSS score 9.8): Critical vulnerability in the loader-utils package.
- CVE-2023-45133 (CVSS score 8.8): High-severity vulnerability in the babel/traverse package.
- CVE-2015-5237 (CVSS score 8.8): High-severity vulnerability in the protobuf package.
- CVE-2022-46175 (CVSS score 8.8): High-severity vulnerability in the json5 package.
- CVE-2022-3171 (CVSS score 7.5): High-severity vulnerability in the protobuf package.
- CVE-2022-3509 (CVSS score 7.5): High-severity vulnerability in the protobuf package.
- CVE-2022-3510 (CVSS score 7.5): High-severity vulnerability in the protobuf package.
- CVE-2022-37599 (CVSS score 7.5): High-severity vulnerability in the loader-utils package.
- CVE-2022-37603 (CVSS score 7.5): High-severity vulnerability in the loader-utils package.
- CVE-2021-23446 (CVSS score 7.5): High-severity vulnerability in the handsontable package.
- CVE-2022-25883 (CVSS score 7.5): High-severity vulnerability in the semver package.
- CVE-2023-32695 (CVSS score 7.5): High-severity vulnerability in the socket.io-parser package.
- CVE-2023-2976 (CVSS score 7.1): High-severity vulnerability in the Guava package.
Affected products and patched releases
| Product | Affected Version | Fixed Version |
| Splunk Enterprise Security (ES) | 7.3 | 7.3.0 |
| Splunk Enterprise Security (ES) | 7.2 | 7.2.0 |
| Splunk Enterprise Security (ES) | Below 7.1.2 | 7.1.2 |
| Splunk User Behavior Analytics (UBA) | Below 5.3.0 | 5.3.0 |
| Splunk User Behavior Analytics (UBA) | Below 5.2.1 | 5.2.1 |
To safeguard against potential exploits by threat actors, users of these products are advised to upgrade to the latest versions.
