CyberSecurityBoard
Sponsor Register Login

Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions - Update Now

The vulnerabilities affect essential components, including git, Django, cryptography libraries, and JavaScript packages, requiring immediate attention from security administrators managing Splunk SOAR deployments. High-severity vulnerabilities include CVE-2024-45230 in Django, CVE-2024-21538 in cross-spawn, CVE-2024-52804 in tornado, CVE-2022-35583 wkhtml vulnerability, CVE-2024-6345 in Setuptools, CVE-2024-39338 in Axios JavaScript library and CVE-2024-49767 in Werkzeug WSGI utility library. The critical severity rating indicates this vulnerability poses significant security risks and requires immediate attention from system administrators. Third-party components upgraded, including Django, cryptography, jQuery DataTables, and wkhtml removal, covering vulnerabilities from critical to medium severity. The advisory affects all SOAR base version 6.4 installations below 6.4.1, making this update essential for maintaining security posture. Unpatched vulnerabilities could enable unauthorized access, code execution, and data manipulation across the core SOAR infrastructure. However, in the subsequent SOAR version 6.4.1, Splunk took the more decisive approach of completely removing the @babel/traverse package to eliminate the vulnerability entirely. These vulnerabilities could potentially allow unauthorized access, code execution, or data manipulation within the SOAR environment.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Jul 2025 13:30:16 +0000


Cyber News related to Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions - Update Now

What Is SOAR? Definition, Benefits & Use Cases - In general, a SOAR platform's user interface allows security teams to manage connections between all their existing security hardware and software. A strong SOAR solution should include standard orchestration features, automated processes and ...
1 year ago Esecurityplanet.com
Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload - Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and ...
6 months ago Cybersecuritynews.com CVE-2025-20229
Adopting SOAR Solutions - CISO’s Automation Guide - SOAR combines three essential capabilities: security orchestration, automation, and incident response into a unified platform that helps security teams collect data about threats and respond to security events with minimal human intervention. By ...
5 months ago Cybersecuritynews.com
How to Implementing SOAR To Reduce Incident Response Time Effectively - Once these foundational integrations are in place, organizations can expand their SOAR implementation to include more advanced capabilities, such as automated vulnerability scanning, endpoint isolation, and integration with cloud security tools. This ...
5 months ago Cybersecuritynews.com
How Data Ingestion Works in SOAR - SOAR tools work as consolidation platforms for security alerts and incident response. Endpoint security tools, network security tools, email systems, and other tools collect logs, run detection rules and generate alerts. SOAR then ingests those ...
1 year ago Securityboulevard.com
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
1 year ago Securityweek.com CVE-2024-36985 CVE-2024-36984
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
1 year ago Packetstormsecurity.com CVE-2024-36985 CVE-2024-36984
CVE-2025-20325 - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster ...
3 months ago
Webinar: Solving the Bi-Directional Sync Problem with Microsoft Sentinel and D3 Smart SOAR - Hosted by Microsoft's Eric Burkholder and D3's Pierre Noujeim, we'll have a demo of the integration in action, followed by a discussion on its benefits, and conclude with a Q&A session. If you work at a mature SOC or at an MSSP, you're probably ...
1 year ago Securityboulevard.com
Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions - Update Now - The vulnerabilities affect essential components, including git, Django, cryptography libraries, and JavaScript packages, requiring immediate attention from security administrators managing Splunk SOAR deployments. High-severity vulnerabilities ...
3 months ago Cybersecuritynews.com CVE-2024-45230
Building SOAR Playbooks To Respond To Common Web-Based Attacks - For web-based attacks, a playbook must be able to handle a wide variety of threat vectors, from phishing emails and malicious URLs to web application firewall (WAF) alerts and suspicious file downloads. By automating the detection, investigation, and ...
5 months ago Cybersecuritynews.com
CVE-2022-32152 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
3 years ago
CVE-2022-32153 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
3 years ago
Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters
CVE-2022-32151 - The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform ...
3 years ago
How to Build a SOAR Playbook: Start with the Artifacts - Security Boulevard - Artifacts are data elements relevant to your security incidents, such as device IDs, user IDs, IP addresses, file hashes, and process names. By focusing on commands that interact with your key artifacts, you streamline your playbook, making it more ...
1 year ago Securityboulevard.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
1 year ago Darkreading.com
5000+ Malicious Packages Found In The Wild To Compromise Windows Systems - These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, ...
6 months ago Cybersecuritynews.com
CVE-2025-20370 - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, ...
1 week ago
Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
1 year ago Bleepingcomputer.com
3 PYPI Packages Caught Spreading Malware - Recent reports have highlighted the malicious spreading of malware via 3 specific Python Package Index (PyPI) packages. These 3 packages were identified and reported by Sonatype, a software supply chain security firm. ...
2 years ago Securityaffairs.com
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
2 months ago Cybersecuritynews.com
CVE-2025-20366 - In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search ...
1 week ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)