PT-2023-4030 · Splunk · Splunk Soar

Fredrik Alexandersson · Published 2023-07-31 · Updated 2024-12-10 · CVE-2023-3997

CVSS v3.1: 8.6 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Splunk SOAR versions prior to 6.1.0

Description

The issue is related to the incorrect handling of log output, which can be exploited by sending a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. A third party can exploit this to potentially execute arbitrary code.

Recommendations

For versions prior to 6.1.0, update to version 6.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the terminal to minimize the risk of exploitation. Avoid using the terminal to view logs until the issue is resolved.
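
A defensive viewing filter for the log poisoning described above, added here as an example (it is not Splunk's code and not part of the advisory): it rewrites ESC and other control characters in log lines into a visible `\xNN` form so the terminal never interprets them, and reports which lines contained them. The function names and the sample log lines are constructed for illustration.

```python
import re
import sys

# C0 controls except TAB, plus DEL and the C1 range; ESC (0x1b) introduces ANSI sequences.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

# Constructed sample: line 2 carries an ANSI colour sequence inside a request parameter.
SAMPLE = [
    "2023-07-31 10:00:01 INFO GET /rest/version 200\n",
    "2023-07-31 10:00:02 WARN GET /login?user=\x1b[31madmin 404\n",
    "2023-07-31 10:00:03 INFO GET /rest/health\t200\r\n",
]


def neutralize(line: str) -> str:
    """Replace each control character with a printable \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x{:02x}".format(ord(m.group())), line)


def scan(lines):
    """Return (safe_lines, flagged_line_numbers) for an iterable of log lines."""
    safe, flagged = [], []
    for number, raw in enumerate(lines, start=1):
        body = raw.rstrip("\r\n")  # the line terminator is not part of the entry
        cleaned = neutralize(body)
        if cleaned != body:
            flagged.append(number)
        safe.append(cleaned)
    return safe, flagged


if __name__ == "__main__":
    # With a path argument, filter that file; otherwise run on the constructed sample.
    if len(sys.argv) > 1:
        # newline="\n" keeps a lone carriage return in the line so it is escaped, not split on.
        with open(sys.argv[1], encoding="utf-8", errors="backslashreplace",
                  newline="\n") as fh:
            safe, flagged = scan(fh)
    else:
        safe, flagged = scan(SAMPLE)
    print("\n".join(safe))
    print(f"lines containing control characters: {flagged}", file=sys.stderr)
```

Flagged line numbers are also a useful review signal, since ordinary web request logs rarely contain raw control characters.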

Fix

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

BDU:2023-04328
CVE-2023-3997

Affected Products

Splunk Soar