
Description

Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.

PUBLISHED Reserved 2023-07-28 | Published 2023-07-31 | Updated 2025-02-28 | Assigner Splunk




HIGH: 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

The software does not neutralize or incorrectly neutralizes output that is written to logs.
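The neutralization this problem type describes, shown as an added example (it is not Splunk's code or its fix). It makes control characters visible before request-derived fields reach a log, and scans existing log lines for raw escape bytes. The log line format, function names and sample values are assumptions made for illustration.

```python
import re

# Assumption: request-derived strings (path, user agent) are written to a
# text log that an operator later views in a terminal (cat, tail, less -R).
# C0 controls (incl. ESC 0x1b, CR, LF), DEL, and C1 controls (incl. CSI 0x9b).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")
# Bytes that introduce a terminal escape sequence (ESC and 8-bit CSI).
_ESCAPE_INTRO = re.compile(r"[\x1b\x9b]")


def neutralize(value: str) -> str:
    """Replace each control character with a visible \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_access_line(method: str, path: str, user_agent: str) -> str:
    """Build a log line (hypothetical format) from untrusted request fields."""
    return 'method=%s path="%s" ua="%s"' % (
        neutralize(method), neutralize(path), neutralize(user_agent))


def find_poisoned(lines):
    """Return (line_number, neutralized_text) for lines holding raw escapes."""
    return [(n, neutralize(line.rstrip("\n")))
            for n, line in enumerate(lines, 1)
            if _ESCAPE_INTRO.search(line)]


# Constructed sample input: a benign colour change and a window-title
# sequence stand in for the special ANSI characters in a crafted request.
SAMPLE_PATH = "/login\x1b[31m"
SAMPLE_UA = "agent\x1b]0;title\x07\r\nfake=entry"
SAMPLE_LOG = [
    'method=GET path="/health" ua="probe"\n',
    'method=GET path="/login\x1b[31m" ua="agent"\n',
]

if __name__ == "__main__":
    print(format_access_line("GET", SAMPLE_PATH, SAMPLE_UA))
    for number, text in find_poisoned(SAMPLE_LOG):
        print("line %d contains escape bytes: %s" % (number, text))
```

Neutralizing CR and LF along with ESC also keeps a single request from producing what looks like a second log entry.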

Product status

- (custom) before 6.1.0: affected

- (custom) before 6.1.0: affected

Credits

STÖK / Fredrik Alexandersson

References

advisory.splunk.com/advisories/SVD-2023-0702

cve.org (CVE-2023-3997)

nvd.nist.gov (CVE-2023-3997)
