HIGH✓ PATCH🇬🇧 English

CVE-2023-4571

CVSS 8.6v3.1pub. 2023-08-30upd. 2024-12-10

In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Splunk It Service Intelligence

    APP
    Splunk
    4.17.04.13.0 – 4.13.3 (bez)4.15.0 – 4.15.3 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-20253CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Splunk Enterprise — tworzenie/skracanie plików bez uwierzytelnienia przez sidecar PostgreSQL

CVE-2026-20266CRITICAL9.1ten sam vendor

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS...

CVE-2023-23914CRITICAL9.1ten sam vendor

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS ...

CVE-2022-32221CRITICAL9.8ten sam vendor

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask ...

CVE-2022-36227CRITICAL9.8ten sam vendor

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can re...