Refine your search
1 vulnerability found for Splunk SOAR (On-premises) by Splunk
CVE-2023-3997 (GCVE-0-2023-3997)
Vulnerability from cvelistv5
Published
2023-07-31 16:16
Modified
2025-02-28 11:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
Summary
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk SOAR (On-premises) |
Version: - < 6.1.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:10.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk SOAR (On-premises)",
"vendor": "Splunk",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"product": "Splunk SOAR (Cloud)",
"vendor": "Splunk",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"datePublic": "2023-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
}
],
"value": "Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T11:03:50.122Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0702"
}
],
"source": {
"advisory": "SVD-2023-0702"
},
"title": "Unauthenticated Log Injection In Splunk SOAR"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-3997",
"datePublished": "2023-07-31T16:16:19.911Z",
"dateReserved": "2023-07-28T17:28:28.614Z",
"dateUpdated": "2025-02-28T11:03:50.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}