CVE-2023-3997

CVSS v3 Score
7.8
High

Vulnerability Description

Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
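A defensive check for the log poisoning described above, as an added example that is not part of the advisory or of Splunk's code: it flags log lines that carry terminal control bytes and renders them as visible text, so they can be reviewed without the terminal interpreting them. The log lines are constructed samples, and the function names are hypothetical.

```python
import re

# C0 control bytes other than tab and newline, plus DEL and the C1 range (covers ESC, CR, CSI).
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")
# 7-bit CSI sequence per ECMA-48: ESC [ parameter bytes, intermediate bytes, final byte.
CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

def neutralize(line: str) -> str:
    """Return the line with every control character shown as a visible \\xNN escape."""
    return CONTROL.sub(lambda m: f"\\x{ord(m.group()):02x}", line)

def scan(lines):
    """Return (line_number, csi_sequences, safe_text) for each line carrying control bytes."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        text = raw.rstrip("\n")
        if CONTROL.search(text):
            csi = [neutralize(s) for s in CSI.findall(text)]
            findings.append((number, csi, neutralize(text)))
    return findings

# Constructed sample log lines (not real Splunk SOAR output).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 512\n',
    '203.0.113.9 - - [01/Aug/2023:10:00:02 +0000] "GET /\x1b[31mred HTTP/1.1" 404 0\n',
    '203.0.113.9 - - [01/Aug/2023:10:00:03 +0000] "GET /a\x1b[1A\x1b[2K HTTP/1.1" 404 0\n',
]

if __name__ == "__main__":
    for number, csi, safe in scan(SAMPLE_LOG):
        print(f"line {number}: {len(csi)} CSI sequence(s) {csi}")
        print(f"  {safe}")
```

Viewing logs with `cat -v`, or with `less` without the `-r`/`-R` options, likewise shows control characters in visible form instead of passing them to the terminal.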

CVSS:7.5(High)

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality.

CVSS:8.1(High)

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01...

CVSS:7.5(High)

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive...

CVSS:7.5(High)

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_...

CVSS:8.1(High)

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/lo...

CVSS:7.5(High)

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key...