=====================================================================
CERT-Renater Information Note No. 2025/VULN486
_____________________________________________________________________

DATE : 31/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Enterprise Security versions prior to 8.1.0 or 7.3.4, and Splunk User Behavior Analytics versions prior to 5.4.3.
=====================================================================

https://advisory.splunk.com/advisories/SVD-2025-0715
https://advisory.splunk.com/advisories/SVD-2025-0714
https://advisory.splunk.com/advisories/SVD-2025-0713
_____________________________________________________________________

Third-Party Package Updates in Enterprise Security 8.1.0 - July 2025

Advisory ID:  SVD-2025-0715
CVE ID:       Multiple
Published:    2025-07-30
Last Update:  2025-07-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Enterprise Security versions 8.1.0 and higher, including the following:

Package        Remediation          CVE              Severity
got [1]        Upgraded to 13.0.0   CVE-2022-33987   Medium
Elliptic [2]   Upgraded to 6.6.1    Multiple         Critical
canvg [3]      Upgraded to 3.0.11   CVE-2025-25977   High

[1] Upgraded got from 11.8.5 to 13.0.0 to remedy CVE-2022-33987.
[2] Upgraded Elliptic from 6.6.0 to 6.6.1 to remedy CVE-2024-48948, CVE-2024-42459, CVE-2024-42461, and CVE-2024-42460.
[3] Upgraded canvg from 3.0.10 to 3.0.11 to remedy CVE-2025-25977.

Solution

Upgrade Enterprise Security to version 8.1.0 or higher.

Product Status

Product               Base Version   Affected Version   Fix Version
Enterprise Security   8.1            Below 8.1.0        8.1.0

Severity

For the CVEs in this list, Splunk adopted the severity rating that the vendor published.
_____________________________________________________________________

Third-Party Package Updates in Enterprise Security 7.3.4 - July 2025

Advisory ID:  SVD-2025-0714
CVE ID:       Multiple
Published:    2025-07-30
Last Update:  2025-07-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Enterprise Security versions 7.3.4 and higher, including the following:

Package     Remediation          CVE              Severity
canvg [1]   Upgraded to 3.0.11   CVE-2025-25977   High

[1] Upgraded canvg from 3.0.10 to 3.0.11 to remedy CVE-2025-25977.

Solution

Upgrade Enterprise Security to version 7.3.4 or higher.

Product Status

Product               Base Version   Affected Version   Fix Version
Enterprise Security   7.3            Below 7.3.4        7.3.4

Severity

For the CVEs in this list, Splunk adopted the severity rating that the vendor published.
_____________________________________________________________________

Third-Party Package Updates in Splunk User Behavior Analytics (UBA) - July 2025

Advisory ID:  SVD-2025-0713
CVE ID:       Multiple
Published:    2025-07-30
Last Update:  2025-07-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics (UBA) version 5.4.3, including the following:

Package            Remediation             CVE              Severity
Jetty HTTP         Upgraded to 9.4.57      CVE-2024-6763    Medium
selenium           Upgraded to 4.30.0      CVE-2023-5590    High
node.js [1]        Upgraded to 22.14.0     Multiple         High
OpenJDK            Upgraded to 8u452       CVE-2025-21502   Medium
Apache Kafka [2]   Upgraded to 3.9.0       Multiple         Medium
docker [3]         Upgraded to 28.0.4      Multiple         High
containerd.io      Upgraded to 1.7.27      CVE-2024-40635   Medium
curl [4]           Upgraded to 8.4.0       Multiple         Critical
werkzeug [5]       Upgraded to 3.6.0       Multiple         High
krb5-libs [6]      Upgraded to 1.18.2-31   Multiple         High
python             Upgraded to 3.12.10     CVE-2024-12254   High

[1] Updated node.js to 22.14.0 to remedy CVE-2024-27980 and CVE-2024-22020.
[2] Updated Apache Kafka to 3.9.0 to remedy CVE-2024-31141 and CVE-2024-56128.
[3] Updated docker to 28.0.4 to remedy CVE-2025-22869 and CVE-2025-27144.
[4] Updated curl to 8.4.0 to remedy CVE-2023-38545, CVE-2023-38546, and CVE-2023-38039.
[5] Updated werkzeug to 3.6.0 to remedy CVE-2024-49766 and CVE-2024-49767.
[6] Updated krb5-libs to 1.18.2-31 to remedy CVE-2022-42898, CVE-2024-26458, CVE-2024-26461, CVE-2024-37370, and CVE-2024-37371.

Solution

Upgrade Splunk User Behavior Analytics (UBA) to version 5.4.3 or higher.

Product Status

Product                                Base Version   Affected Version   Fix Version
Splunk User Behavior Analytics (UBA)   5.4            Below 5.4.3        5.4.3

Severity

For the CVEs in this list, Splunk adopted the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry standards.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email : cert@support.renater.fr +
=========================================================
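The three Product Status tables above each list a fix release per maintained branch (ES 8.1 -> 8.1.0, ES 7.3 -> 7.3.4, UBA 5.4 -> 5.4.3), so a flat "version below 8.1.0" test would wrongly flag a patched 7.3.4 host. The following is an added example, not Splunk's or CERT-Renater's code, that applies the tables branch by branch; it assumes the installed version is a plain dotted numeric string read from the product's app configuration.

```python
"""Assess an installed ES / UBA version against SVD-2025-0713/0714/0715.
Added example: the FIX_VERSIONS table is transcribed from the advisories
above; everything else (function names, sample versions) is constructed."""

from typing import Optional

# product -> {base version branch: first fixed release on that branch}
FIX_VERSIONS = {
    "Enterprise Security": {"8.1": "8.1.0", "7.3": "7.3.4"},
    "Splunk User Behavior Analytics": {"5.4": "5.4.3"},
}


def parse_version(v: str) -> tuple:
    """'7.3.4' -> (7, 3, 4); a two-part base version pads to (x, y, 0).
    Assumes numeric dotted versions only (no '-rc1' style suffixes)."""
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def assess(product: str, installed: str) -> Optional[bool]:
    """True  -> installed release is below its branch's fix version,
    False -> at or above the fix version for that branch,
    None  -> branch not covered by these advisories (e.g. ES 8.0.x);
             treat as 'check the vendor page', not as 'not affected'."""
    inst = parse_version(installed)
    for branch, fix in FIX_VERSIONS[product].items():
        if inst[:2] == parse_version(branch)[:2]:
            return inst < parse_version(fix)
    return None


def report(inventory: list) -> list:
    """Return (host, product, version, verdict) rows for an inventory list."""
    labels = {True: "AFFECTED - upgrade", False: "fixed", None: "not covered"}
    return [(h, p, v, labels[assess(p, v)]) for h, p, v in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real data.
    sample = [
        ("es-search-01", "Enterprise Security", "7.3.3"),
        ("es-search-02", "Enterprise Security", "7.3.4"),
        ("es-search-03", "Enterprise Security", "8.0.2"),
        ("uba-mgmt-01", "Splunk User Behavior Analytics", "5.4.2"),
    ]
    for row in report(sample):
        print("%-14s %-32s %-8s %s" % row)
```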