CVE-2023-3997

HIGH

Splunk SOAR <6.1.0 - Code Injection

Title source: llm

Description

Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.

References (1)

[Vendor Advisory] https://advisory.splunk.com/advisories/SVD-2023-0702

Scores

CVSS v3 8.6

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-116 CWE-117

Status published

Products (2)

splunk/soar < 6.1.0

splunk/soar < 6.1.0.131

Published Jul 31, 2023

Tracked Since Feb 18, 2026