I was looking here http://docs.splunk.com/Documentation/Splunk/6.4.2/ReleaseNotes/OpenSSL which states 6.4.2 still has v1.0.2g. But I did install last night and you are correct, it is running 1.0.2h
thanks for the quick response
I have the same problem, and other vulnerabilities found in communication between the Universal Forwarder and Splunk Manager.
Does anyone know how to mitigate these vulnerabilities? Force use TLS? How do correctly?