Splunk SOAR <6.1.0 Log Poisoning via ANSI Codes Causing Terminal Code Exec
CVE-2023-3997 Published on July 31, 2023

Unauthenticated Log Injection In Splunk SOAR
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user's terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and possibly cause malicious code execution as a result of the terminal user's action.

NVD

Weakness Type

Improper Output Neutralization for Logs

The software does not neutralize or incorrectly neutralizes output that is written to logs.
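
The following Python sketch shows one way to neutralize request-derived values before they reach a log file, and to flag lines in an existing log that already contain raw control characters. It is an added example, not Splunk's code or its fix; the function names, the log entry layout and the sample values are assumptions constructed for illustration.

```python
import re

# C0 controls (including ESC 0x1b, CR and LF), DEL, and C1 controls
# (including the single-character CSI U+009B). Tab (0x09) is left alone.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(value: str) -> str:
    """Render control characters as visible \\xNN text so that a terminal
    displaying the log never interprets them as escape sequences."""
    return _CONTROL.sub(lambda m: "\\x{:02x}".format(ord(m.group())), value)


def format_access_entry(method: str, path: str, user_agent: str) -> str:
    """Build one log entry (hypothetical layout) from untrusted request fields.
    Escaping CR/LF also stops a request from forging extra log lines."""
    return 'method={} path="{}" ua="{}"'.format(
        neutralize(method), neutralize(path), neutralize(user_agent)
    )


def find_poisoned_lines(log_text: str):
    """Return (line_number, escaped_line) for each line of an existing log
    that contains a raw control character. Split on LF only: str.splitlines()
    would also split on some control characters and hide them."""
    hits = []
    for number, line in enumerate(log_text.split("\n"), start=1):
        line = line.rstrip("\r")  # tolerate CRLF line endings
        if _CONTROL.search(line):
            hits.append((number, neutralize(line)))
    return hits


if __name__ == "__main__":
    # Constructed sample: a colour-change sequence in the User-Agent and an
    # embedded CRLF in the path.
    print(format_access_entry("GET", "/login\r\nforged", "curl\x1b[31m"))
    sample_log = "ok line\nbad \x1b[31m line\nok\ttab"
    for number, shown in find_poisoned_lines(sample_log):
        print(number, shown)
```

When reviewing a log that may already be poisoned, inspect the escaped output of `find_poisoned_lines` rather than printing the raw file to a terminal.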


Products Associated with CVE-2023-3997

Affected Versions

Splunk SOAR (On-premises): Splunk SOAR (Cloud):

Exploit Probability

EPSS: 0.08%
Percentile: 22.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.