{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-3997","assignerOrgId":"42b59230-ec95-491e-8425-5a5befa1a469","state":"PUBLISHED","assignerShortName":"Splunk","dateReserved":"2023-07-28T17:28:28.614Z","datePublished":"2023-07-31T16:16:19.911Z","dateUpdated":"2025-02-28T11:03:50.122Z"},"containers":{"cna":{"affected":[{"product":"Splunk SOAR (On-premises)","vendor":"Splunk","versions":[{"version":"-","status":"affected","versionType":"custom","lessThan":"6.1.0"}]},{"product":"Splunk SOAR (Cloud)","vendor":"Splunk","versions":[{"version":"-","status":"affected","versionType":"custom","lessThan":"6.1.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action."}],"value":"Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. \nWhen a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action."}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2023-0702"}],"title":"Unauthenticated Log Injection In Splunk SOAR","datePublic":"2023-07-31T00:00:00.000Z","metrics":[{"cvssV3_1":{"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1","baseScore":8.6,"baseSeverity":"HIGH"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"cwe","description":"The software does not neutralize or incorrectly neutralizes output that is written to logs.","cweId":"CWE-117"}]}],"source":{"advisory":"SVD-2023-0702"},"credits":[{"lang":"en","value":"STÖK / Fredrik Alexandersson"}],"providerMetadata":{"orgId":"42b59230-ec95-491e-8425-5a5befa1a469","shortName":"Splunk","dateUpdated":"2025-02-28T11:03:50.122Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:17:10.425Z"},"title":"CVE Program Container","references":[{"url":"https://advisory.splunk.com/advisories/SVD-2023-0702","tags":["x_transferred"]}]}]}}