SB2026031331 - Splunk AppDynamics Analytics Agent update for third-party components
Published: March 13, 2026
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Path traversal (CVE-ID: CVE-2022-31159)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the downloadDirectory() method in the AWS S3 TransferManager component. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
2) Resource exhaustion (CVE-ID: CVE-2025-8885)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when processing ASN.1 OIDs. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-37727)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists because the software stores sensitive information in log files when auditing requests to the reindex API. A remote user can read the log files and gain access to sensitive data.
4) Incorrect default permissions (CVE-ID: CVE-2020-17521)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for temporary files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.
5) Resource exhaustion (CVE-ID: CVE-2025-55163)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling HTTP/2 requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-58056)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP/1.1 requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
7) Resource exhaustion (CVE-ID: CVE-2025-58057)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in BrotliDecoder and some other decompressing decoders. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.