Re: OpenSSL SEoL (1.1.1.x)

benedicteflora · ‎08-29-2024

Our vulnerability scan is reporting a critical severity finding affecting several components of Splunk Enterprise related to OpenSSL (1.1.1.x) version that has become EOL/EOS. My researches seem to point out that this version of OpenSSL may not yet be EOS for Splunk due to a purchase of an extended support contract; however, I have been unsuccessful in finding a documentation to support this. Please help provide this information or suggest how this finding can be addressed.

Path : /opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/libcrypto.so
Installed version : 1.1.1k
Security End of Life : September 11, 2023
Time since Security End of Life (Est.) : >= 6 months

Thank you.

richgalloway · ‎08-30-2024

What version of the app are you using? Does the vulnerability tool report a CVE? What is it?

---
If this reply helps you, Karma would be appreciated.

OpenSSL SEoL (1.1.1.x)

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation