<!doctype html><html lang="en" class="no-js"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title> SVD-2023-1101 | Splunk Vulnerability Disclosure</title><meta property="og:site_name" content="Splunk Vulnerability Disclosure"><meta property="og:site_description" content="Splunk Vulnerability Disclosure"><meta property="og:title" content="Third Party Package Update in Splunk Add-on for Amazon Web Services"><meta property="og:description" content="Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 7.2.0 of Splunk Add-on for Amazon Web Services, including the following:"><meta property="og:locale" content="en-US"><meta property="og:url" content=""><meta property="og:image" content="/assets/img/logo_color.jpg"><link rel="shortcut icon" type="image/x-icon" href="/assets/img/favicon.png"/><link rel="stylesheet" href="/assets/css/datatables.css"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="/assets/css/fontawesome-free-6.2.0.css"> <script src="/assets/js/jquery-3.7.1.js"></script> <script src="/assets/js/jquery.greedy-navigation.js"></script> <script src="/assets/js/datatables.js"></script> <script src="/assets/js/main.js"></script></head><body class="layout--advisory"><div class="masthead"><div class="masthead__inner-wrap"><div class="masthead__menu"><nav class="greedy-nav"> <a class="site-logo" href="https://www.splunk.com/"><img src="/assets/img/logo.svg" alt=" "></a><ul class="visible-links"><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/" class="advisory-link">Home</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/report" class="advisory-link">Report a Vulnerability</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/faqs" class="advisory-link">FAQs</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="https://www.splunk.com/en_us/form/splunk-security-advisories-notification.html" class="advisory-link">Mailing List</a></li></ul><button class="greedy-nav__toggle hidden advisory-show-on-mobile" type="button"> <span class="visually-hidden">Toggle menu</span><div class="navicon"></div></button><ul class="hidden-links hidden advisory-show-on-mobile"><li class="masthead__menu-item"> <a href="/">Home</a></li><li class="masthead__menu-item"> <a href="/report">Report a Vulnerability</a></li><li class="masthead__menu-item"> <a href="/faqs">FAQs</a></li><li class="masthead__menu-item"> <a href="https://www.splunk.com/en_us/form/splunk-security-advisories-notification.html">Mailing List</a></li></ul></nav></div></div></div><div class="initial-content"><div id="main" role="main"><article class="splash"><section class="page__content"><div class="advisory-show-on-mobile"><p>&nbsp;</p></div><div id="advisory" role="main"><div class="advisory-title"><h1>Third Party Package Update in Splunk Add-on for Amazon Web Services</h1></div><div><div class="advisory-row"><div class="advisory-column-left"><p><b>Advisory&nbsp;ID:</b>&nbsp;SVD-2023-1101</p></div><div class="advisory-column-right"><p><b>CVE&nbsp;ID:</b>&nbsp;<a href="https://www.cve.org/CVERecord?id=CVE-2023-37920" class="advisory-no-link advisory-link">CVE-2023-37920</a></p></div></div><div class="advisory-row"><div class="advisory-column-left"><p><b>Published:</b>&nbsp;2023-11-16</p></div><div class="advisory-column-right"><p><b>Last&nbsp;Update:</b>&nbsp;2023-11-16</p></div></div></div><div><h2 id="description">Description</h2><p>Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 7.2.0 of Splunk Add-on for Amazon Web Services, including the following:</p><div><table class="advisory-table" id="advisory-table"><thead class="advisory-th"><tr><th>Package</th><th>Remediation</th><th>CVE</th><th>Severity</th></tr></thead><tbody><tr class="advisory-tr"><td class="advisory-td" label="Package">certifi</td><td class="advisory-td" label="Remediation">Upgraded to 2023.7.22</td><td class="advisory-td" label="CVE">CVE-2023-37920</td><td class="advisory-td" label="Severity">Critical</td></tr></tbody></table></div><h2 id="solution">Solution</h2><p>Upgrade the Splunk Add-on for Amazon Web Services to version 7.2.0 or higher.</p><h2 id="product-status">Product Status</h2><div><table class="advisory-table" id="advisory-table"><thead class="advisory-th"><tr><th>Product</th><th>Version</th><th>Component</th><th>Affected Version</th><th>Fix Version</th></tr></thead><tbody><tr class="advisory-tr"><td class="advisory-td" label="Product">Splunk Add-on for Amazon Web Services</td><td class="advisory-td" label="Version">-</td><td class="advisory-td" label="Component">-</td><td class="advisory-td" label="Affected Version">Below 7.2.0</td><td class="advisory-td" label="Fix Version">7.2.0</td></tr></tbody></table></div><h2 id="severity">Severity</h2><p>For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</p></div></div></section></article></div></div><div id="footer" class="page__footer"><footer><div class="page__footer-follow"><ul class="social-icons"><li><a href="mailto:prodsec@splunk.com" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-regular fa-envelope advisory-icon-i"></i> Email</a></li><li><a href="/feed.xml" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-solid fa-rss advisory-icon-i"></i> RSS Feed</a></li><li><a href="https://login.splunk.com/page/sso_redirect?type=portal" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-solid fa-link advisory-icon-i"></i> Support</a></li></ul></div><div class="page__footer-copyright">&copy; 2005 - 2024 Splunk Inc. All rights reserved.</div><div class="page__footer-links"><a href="https://www.splunk.com/en_us/legal.html" rel="nofollow noopener noreferrer">Legal</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://www.splunk.com/en_us/legal/privacy/privacy-policy.html" rel="nofollow noopener noreferrer">Privacy<a/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://www.splunk.com/en_us/legal/terms/terms-of-use.html" rel="nofollow noopener noreferrer">Website Terms of Use<a/></div></footer></div></body></html>