1 results (0.004 seconds)
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4571 – Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
https://notcve.org/view.php?id=CVE-2023-4571
30 Aug 2023 — In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additio... • https://advisory.splunk.com/advisories/SVD-2023-0810 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •