First published: Mon Jul 31 2023
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
Credit: prodsec@splunk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Splunk SOAR | <6.1.0.131 | |
Splunk SOAR | <6.1.0 | |
The vulnerability ID for this Splunk SOAR vulnerability is CVE-2023-3997.
The severity level of CVE-2023-3997 is high (7.8).
The affected software for CVE-2023-3997 is Splunk SOAR versions 6.0.2 and earlier (on-premises and cloud).
This vulnerability can be exploited by sending Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning.
Updating to Splunk SOAR version 6.1.0 or higher fixes the vulnerability.
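The log poisoning described above only has an effect when the escape bytes reach a terminal unmodified. As an added example (not Splunk's code and not part of the original advisory), this Python code scans log lines for ANSI escape sequences and rewrites control characters as visible text before display; the function names and the sample log lines are constructed for illustration.

```python
import re

# ANSI/ECMA-48 sequences a terminal would interpret: CSI (ESC [ ... final byte,
# or the 8-bit introducer U+009B) and OSC (ESC ] ... ended by BEL or ESC \).
ANSI_SEQ = re.compile(
    r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
)
# Every C0/C1 control character except tab.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(text: str) -> str:
    """Rewrite control characters as literal \\xNN text so a terminal prints them inertly."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def scan(lines):
    """Return (line_number, kind, neutralized_text) for each suspicious item."""
    findings = []
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        for match in ANSI_SEQ.finditer(line):
            seq = match.group()
            kind = "OSC" if seq.startswith("\x1b]") else "CSI"
            findings.append((number, kind, neutralize(seq)))
        # Control characters left over after removing complete sequences
        # (for example a lone ESC) are reported with the remaining line.
        rest = ANSI_SEQ.sub("", line)
        if CONTROL.search(rest):
            findings.append((number, "CONTROL", neutralize(rest)))
    return findings


# Constructed sample: one clean request line and two lines whose request
# path carries escape sequences (clear screen, colour, window title).
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Jul/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 512\n',
    '203.0.113.9 - - [31/Jul/2023:10:00:02 +0000] "GET /\x1b[2J\x1b[31mx HTTP/1.1" 404 0\n',
    '203.0.113.9 - - [31/Jul/2023:10:00:03 +0000] "GET /\x1b]0;title\x07 HTTP/1.1" 404 0\n',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    for line in SAMPLE_LOG:
        print(neutralize(line.rstrip("\n")))
```

On unpatched hosts, piping log output through a filter like `neutralize` (or viewing it with a pager that does not pass raw control characters) keeps the terminal from acting on the injected bytes.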