Description
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability that is accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and possibly cause malicious code execution through the terminal user’s action.
References (1)
Core References
Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2023-0702
Scores
CVSS v3: 8.6
EPSS: 0.0028
EPSS Percentile: 19.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE: CWE-116, CWE-117
Status: published
Products (2)
splunk/soar < 6.1.0
splunk/soar < 6.1.0.131
Published: Jul 31, 2023
Tracked Since: Feb 18, 2026