Splunk Enterprise

SSL vulnerabilities

Pooja1
Loves-to-Learn Everything

Hi Splunk, 

Could you please help me to resolve the below mentioned vulnerability.

Synopsis

The remote service encrypts traffic using a protocol with known weaknesses.

Description

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.


Please provide me the steps to remediate this.

Thank you.

0 Karma

PickleRick
SplunkTrust

Apart from what's been already said about upgrading, it's worth noting that at least some of those issues can be mitigated with proper configuration. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.0/secure-splunk-...

0 Karma
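
The configuration-based mitigation mentioned in the reply above can be checked offline. This is an added example, not part of the thread and not Splunk's own code: it expands the `sslVersions` values found in Splunk `.conf` files and flags stanzas that still enable SSL 3.0 or TLS 1.0/1.1. The sample configuration is constructed, and left-to-right evaluation of the version list is an assumption.

```python
import re

# Protocol names accepted by Splunk's sslVersions setting (server.conf/web.conf spec).
ALL_VERSIONS = ["ssl3", "tls1.0", "tls1.1", "tls1.2"]
WEAK = {"ssl3", "tls1.0", "tls1.1"}

def effective_versions(value):
    """Expand an sslVersions value into the set of protocols it enables."""
    enabled = set()
    # Assumption: tokens are applied left to right; "-" removes a version.
    for token in (t.strip().lower() for t in value.split(",")):
        remove = token.startswith("-")
        name = token.lstrip("-")
        if name == "*":                      # all supported versions
            group = set(ALL_VERSIONS)
        elif name == "tls":                  # every TLS version, no SSL
            group = {v for v in ALL_VERSIONS if v.startswith("tls")}
        else:                                # "ssl2" is accepted but has no effect
            group = {name} & set(ALL_VERSIONS)
        enabled = enabled - group if remove else enabled | group
    return enabled

def audit_conf(text):
    """Return (stanza, setting, weak protocols) for each weak sslVersions* line."""
    findings, stanza = [], "default"
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"\[(.*)\]$", line)
        if m:
            stanza = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower().startswith("sslversions"):
            weak = sorted(effective_versions(value) & WEAK)
            if weak:
                findings.append((stanza, key.strip(), weak))
    return findings

# Constructed sample: one permissive stanza, two restricted to TLS 1.2.
SAMPLE_CONF = """\
[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = tls1.2
[settings]
sslVersions = tls1.2
"""

print(audit_conf(SAMPLE_CONF))
```

A stanza that is reported here is a candidate for `sslVersions = tls1.2`; a scanner finding against a port whose effective setting is already TLS 1.2 only deserves a closer look at what is actually listening on that port.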

Pooja1
Loves-to-Learn Everything

Hi @PickleRick ,

Thanks for the details. Let me go through it.

0 Karma

inventsekar
SplunkTrust

Hi @Pooja1, may I ask a few more details pls

1) are you using the "Tenable Add-On for Splunk", if yes, the version number pls

https://splunkbase.splunk.com/app/4060

2) are you using the Splunk Enterprise Security, if yes, the version number pls
3) may we know if there are any plans for Splunk upgrade in near future?
4) the above mentioned vulnerability, may we know where do you see this exactly?
between 2 regular app hosts or on the Splunk system itself..


----------------------------------------------------------------------------------------------
If this post or any post addressed your question, could you pls:
Give it karma to show appreciation

PS - As of Apr 2026, my Karma Given is 2290 and my Karma Received is 494, let's revamp the Karma Culture!
Thanks and best regards, Sekar
----------------------------------------------------------------------------------------------

0 Karma

Pooja1
Loves-to-Learn Everything

Hi @inventsekar ,

1) are you using the "Tenable Add-On for Splunk", if yes, the version number pls
- Yes, 7.0.0

2) are you using the Splunk Enterprise Security, if yes, the version number pls
- Yes, 8.3.0, but it's a different stack

3) may we know if there are any plans for Splunk upgrade in near future?
- We have upgraded to 9.4.10

4) the above mentioned vulnerability, may we know where do you see this exactly?
between 2 regular app hosts or on the Splunk system itself..
- Yes, it's in the Splunk server itself.

FYI - we have 3 different stacks on Splunk Cloud for Splunk core, ES and ITSI.

HFs, DS, IHFs are on-prem

Thank you.

0 Karma

livehybrid
SplunkTrust

Hi @Pooja1 

Do you have a reference or CVE for the vulnerabilities you are referring to? 

Have you been able to establish that the vulnerability does actually affect/impact your environment, rather than just being picked up by an external vulnerability scanner?

What version of Splunk are you running? 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

 

0 Karma

Pooja1
Loves-to-Learn Everything

Hello @livehybrid,

No CVE number found for this vulnerability.

I'm not sure whether this vulnerability affects/impacts our environment. However, these kinds of vulnerabilities are triggered with the Tenable scan.

Current Splunk version running on our servers is 9.1.X.

Thank you.

0 Karma

Pooja1
Loves-to-Learn Everything

Okay, got it.

Thank you for the help

0 Karma

richgalloway
SplunkTrust

Splunk has not supported SSL 2.0 or 3.0 for some time now.  It only supports TLS 1.0, 1.1, and 1.2 with 1.2 being the recommended version.  I'm curious about how Tenable was able to connect using an unsupported protocol.

Splunk 9.1.x is no longer supported so no fixes are forthcoming for that version.  A supported version may contain a fix, but it's hard to know without a CVE number.

You may find mention of a fix at http://advisory.splunk.com

---
If this reply helps you, Karma would be appreciated.

Pooja1
Loves-to-Learn Everything

Hi @richgalloway,


Thank you for explaining about this.

0 Karma

livehybrid
SplunkTrust

Hi @Pooja1 

9.1.x went out of support nearly 12 months ago, therefore I think the best solution here is to update to the latest version of a supported 9.x or even 10.x release as these will have more up-to-date security patches.


0 Karma