CVE-2023-3997
31.07.2023, 17:15
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user's terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user's action.
Vendor | Product | Version |
---|---|---|
splunk | soar | 𝑥 < 6.1.0 |
splunk | soar | 𝑥 < 6.1.0.131 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-117 - Improper Output Neutralization for Logs: The software does not neutralize or incorrectly neutralizes output that is written to logs.
- CWE-116 - Improper Encoding or Escaping of Output: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
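The following is an added example, not Splunk's code or its fix: a Python sketch of the neutralization CWE-117 calls for, plus a check that flags ANSI escape sequences already present in a log line. The names `neutralize`, `find_escape_sequences`, `NeutralizeFilter`, `log_request` and the sample request path are all hypothetical and constructed for illustration.

```python
import io
import logging
import re

# Constructed sample: a request path carrying ANSI sequences and a CRLF (not a real log).
SAMPLE_PATH = "/login\x1b[2J\x1b]0;owned\x07\r\n127.0.0.1 GET /admin 200"

# C0 controls except TAB, DEL, and C1 controls (0x9b is the 8-bit CSI).
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")
# 7-bit sequences: CSI, OSC (ended by BEL or ESC \), and two-byte escapes.
_ANSI = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-Z\\^_])")

def neutralize(value: str) -> str:
    """Render control characters as visible \\xNN text so a terminal never
    interprets them and one event stays on one log line."""
    value = value.replace("\\", "\\\\")  # keep the encoding unambiguous
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def find_escape_sequences(line: str) -> list:
    """Return the raw ANSI sequences found in an existing log line."""
    return [m.group() for m in _ANSI.finditer(line)]

class NeutralizeFilter(logging.Filter):
    """Neutralize string arguments before the record is formatted.
    Only positional (tuple) args are handled in this sketch."""
    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, tuple):
            record.args = tuple(
                neutralize(a) if isinstance(a, str) else a for a in record.args)
        return True

def log_request(path: str) -> str:
    """Log one request path through the filter and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    logger = logging.getLogger("soar_demo")  # hypothetical logger name
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addFilter(NeutralizeFilter())
    logger.addHandler(handler)
    try:
        logger.info("request path=%s", path)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_escape_sequences(SAMPLE_PATH))
    print(log_request(SAMPLE_PATH), end="")
```
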