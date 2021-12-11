Log in
E-mail
Password
Show password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON
  1. Homepage
  2. Equities
  3. United States
  4. Nasdaq
  5. Splunk Inc.
  6. News
  7. Summary
    SPLK   US8486371045

SPLUNK INC.

(SPLK)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Splunk : Security Advisory for Apache Log4j (CVE-2021-44228)

12/11/2021 | 07:46pm EST
share with twitter
share with LinkedIn
share with facebook
Share:
By Splunk December 11, 2021

Updated 4pm PT, 12/11/21

A critical remote code execution vulnerability impacting at least Apache Log4j 2 (versions 2.0 to 2.14.1) was recently announced by Apache. This vulnerability is designated by Mitre as CVE-2021-44228 with the highest severity rating of 10.0. The vulnerability is also known as Log4Shell or LogJam by security researchers. If exploited, this vulnerability allows adversaries to potentially take full control of the impacted system.

Log4j 2 is a commonly used open source third party Java logging library used in software applications and services.

Splunk is currently reviewing our supported products for impact and evaluating options for remediation and/or or mitigation. The below tables contain our most up-to-date guidance on our products. These products are tracked separately across On Prem and Cloud products.

Please return to this posting for the most up to date information. Current customers can file support tickets through standard channels for specific guidance.

Summary of Impact for Splunk Enterprise and Splunk Cloud

Core Splunk Enterprise functionality does not use Log4j and is therefore not impacted. However, if Data Fabric Search (DFS) and Splunk Analytics for Hadoop (Hunk) product features are used, there is an impact because these product features leverage Log4j. If these features are not used, there is no active attack vector related to CVE-2021-44228.

All recent non-Windows versions of Splunk Enterprise include Log4j for these features. Windows versions of Splunk Enterprise do not include Log4j. Customers may follow the guidance in the "Removing Log4j from Splunk Enterprise" section below to remove these packages out of an abundance of caution. Official patches to upgrade the Log4j packages and mitigate the vulnerability in all usage scenarios are planned to be available no later than Monday, December 13, 2021.

Core Splunk Cloud is not impacted by CVE-2021-44228. For potential impact on Splunk supported applications installed on Splunk Enterprise or Splunk Cloud, see the tables below.

Impacted Products

These products are known to be impacted by CVE-2021-44228.

Product Cloud/On-Prem Impacted Versions Fixed Version Workaround
Data Stream Processor On-Prem DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Pending TBD
IT Service Intelligence (ITSI) Both 4.11.1, 4.10.3, 4.9.5, 4.8.2, 4.7.3, 4.4.6 Multiple versions will be deployed to fix past versions early next week. TBD
Splunk Enterprise On-Prem All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. 8.1.7.1, 8.2.2.2 to be released by Monday 12/13 See Removing Log4j from Splunk Enterprise section below
Splunk Enterprise Amazon Machine Image (AMI) On-Prem See Splunk Enterprise Pending TBD
Splunk Enterprise Docker Container On-Prem See Splunk Enterprise Pending TBD

--

Under Investigation

We are currently investigating whether these products are impacted by CVE-2021-44228.

Product Cloud/On-Prem
Admin Config Service Cloud
Behavior Analytics (cloud) Cloud
Developer Tools: SKDs Both
Enterprise Security Both
Intelligence Management (TruSTAR) Both
KV Service Cloud
Mission Control Cloud
Operator for Kubernetes On-Prem
Phantom (On-Premise) On-Prem
Security Analytics for AWS Cloud
SOAR Cloud (Phantom) Cloud
Splunk Cloud Data Manager (SCDM) Cloud
Splunk Cloud Developer Edition Cloud
Splunk Connect for SNMP On-Prem
Splunk Connect for Syslog On-Prem
Splunk Forwarders (UR/HWF) Both
Splunk Mint On-Prem
Splunk Mobile On-Prem
Splunk Secure Gateway (Spacebridge) Cloud
Splunk TV On-Prem
Stream Processor Service Cloud

--

Products Confirmed Not Vulnerable

Investigation has concluded that these products are not impacted by CVE-2021-44228.

  • Analytics Workspace
  • Dashboard Studio
  • Developer Tools: AppInspect
  • Splunk Application Performance Monitoring
  • Splunk Augmented Reality
  • Splunk Enterprise Cloud (core functionality - review this notice for installed application impacts)
  • Splunk Infrastructure Monitoring
  • Splunk Log Observer
  • Splunk Network Performance Monitoring
  • Splunk On-Call/Victor Ops
  • Splunk Profiling
  • Splunk Real User Monitoring
  • Splunk Synthetics
  • UBA (User Behavior Analytics)

Removing Log4j from Splunk Enterprise

If the Splunk Enterprise instance does not leverage DFS or Hunk, the presence of those libraries does not introduce an active attack vector. Out of an abundance of caution, you may remove the unused jars from your Splunk Enterprise instances in the following paths:

  • $SPLUNK_HOME/bin/jars/vendors/spark
  • $SPLUNK_HOME/bin/jars/vendors/libs/splunk-library-javalogging-*.jar
  • $SPLUNK_HOME/bin/jars/SplunkMR*
  • $SPLUNK_HOME/bin/jars/thirdparty/hive*
  • $SPLUNK_HOME/etc/apps/splunk_archiver/java-bin/jars/*

References

Change Log

  • 2020-12-11: Initial Security Advisory

Disclaimer

Splunk Inc. published this content on 11 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 12 December 2021 00:45:02 UTC.


© Publicnow 2021
All news about SPLUNK INC.
12/11SPLUNK : Security Advisory for Apache Log4j (CVE-2021-44228)
PU
12/10SPLUNK : Log Jammin'- Detecting Log4j 2 RCE Using Splunk
PU
12/10ACTIVE DIRECTORY LATERAL MOVEMENT DE : Threat Research Release, November 2021
PU
12/09HIGH FIVE : The Latest Integrations from Splunk, Microsoft and GitHub
PU
12/09SPLUNK : Transforming and Expanding our Talent Pipeline with the Year Up Program
PU
12/08LISTEN TO THOSE PIPES : Part 2
PU
12/08SPLUNK : Introducing… Splunk for iPad!
PU
12/07SPLUNK : Supports the Rural Technology Fund
PU
12/07Splunk 2022 Predictions Spotlight a Data-Driven Future
BU
12/06LISTEN TO THOSE PIPES : Part 1
PU
More news
Analyst Recommendations on SPLUNK INC.
More recommendations
Financials (USD)
Sales 2022 2 550 M - -
Net income 2022 -1 485 M - -
Net Debt 2022 1 467 M - -
P/E ratio 2022 -12,2x
Yield 2022 -
Capitalization 17 600 M 17 600 M -
EV / Sales 2022 7,48x
EV / Sales 2023 6,11x
Nbr of Employees 6 500
Free-Float 94,7%
Chart SPLUNK INC.
Duration : Period :
Splunk Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends SPLUNK INC.
Short TermMid-TermLong Term
TrendsBearishBearishBearish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus OUTPERFORM
Number of Analysts 40
Last Close Price 110,84 $
Average target price 166,15 $
Spread / Average Target 49,9%
EPS Revisions
Managers and Directors
Graham Vivian Smith Chairman & Chief Executive Officer
Teresa H. Carlson President & Chief Growth Officer
Jason E. Child Chief Financial Officer & Senior Vice President
Shawn Bice President-Products & Technology
Stephen G. Newberry Lead Independent Director
Sector and Competitors
1st jan.Capi. (M$)
SPLUNK INC.-34.76%17 600
MICROSOFT CORPORATION49.76%2 571 784
SEA LIMITED19.54%131 968
ATLASSIAN CORPORATION PLC59.33%94 180
DASSAULT SYSTÈMES SE59.77%79 001
ROBLOX CORPORATION0.00%67 081