Is Splunk Enterprise vulnerable to CVE-2022-33891 and CVE-2021-34538?

lskaariwala

One of our clients recently performed a vulnerability scan on Splunk Enterprise 8.2.7, and it was found to be vulnerable for the Apache Spark package and the Apache Hive package:

bin\jars\vendors\spark\3.0.1\lib\spark-core_2.12-3.0.1.jar 

and 

\bin\jars\thirdparty\hive_3_1\hive-exec-3.1.2.jar

I see version 9.0 uses a patched version of Hive, i.e. 3.1.3, and does not use Spark.

Did anyone else find this?
