Vulnerabilites related to ScienceLogic - SL 1
cve-2022-48596
Vulnerability from cvelistv5
Published
2023-08-09 18:21
Modified
2024-10-10 14:40
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48601
Vulnerability from cvelistv5
Published
2023-08-09 18:32
Modified
2024-10-09 20:45
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48599
Vulnerability from cvelistv5
Published
2023-08-09 18:26
Modified
2024-10-09 20:50
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48580
Vulnerability from cvelistv5
Published
2023-08-09 17:02
Modified
2024-10-10 14:54
Severity ?
EPSS score ?
Summary
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48580/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:54:41.377178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:54:53.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the \u201cARP ping device tool\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u0026nbsp;the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u00a0the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:07:52.058Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48580/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48580",
"datePublished": "2023-08-09T17:02:24.923Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:54:53.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48581
Vulnerability from cvelistv5
Published
2023-08-09 17:08
Modified
2024-10-10 14:53
Severity ?
EPSS score ?
Summary
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48581/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:40.675177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:53:54.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. "
}
],
"value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:08:11.636Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48581/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48581",
"datePublished": "2023-08-09T17:08:11.636Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:53:54.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48593
Vulnerability from cvelistv5
Published
2023-08-09 18:14
Modified
2024-10-10 14:42
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48584
Vulnerability from cvelistv5
Published
2023-08-09 17:29
Modified
2024-10-10 14:51
Severity ?
EPSS score ?
Summary
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:51:32.177933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:51:50.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:29:49.944Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48584/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48584",
"datePublished": "2023-08-09T17:29:49.944Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:51:50.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48591
Vulnerability from cvelistv5
Published
2023-08-09 18:04
Modified
2024-10-10 14:43
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48600
Vulnerability from cvelistv5
Published
2023-08-09 18:28
Modified
2024-10-09 20:48
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48586
Vulnerability from cvelistv5
Published
2023-08-09 17:44
Modified
2024-10-10 14:49
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48586/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:49:37.475311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:49:50.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:44:56.747Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48586/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48586",
"datePublished": "2023-08-09T17:44:56.747Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:49:50.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48592
Vulnerability from cvelistv5
Published
2023-08-09 18:09
Modified
2024-10-10 14:42
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48583
Vulnerability from cvelistv5
Published
2023-08-09 17:13
Modified
2024-10-10 14:52
Severity ?
EPSS score ?
Summary
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48583/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:52:27.630862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:52:38.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:13:54.494Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48583/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48583",
"datePublished": "2023-08-09T17:13:54.494Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:52:38.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48597
Vulnerability from cvelistv5
Published
2023-08-09 18:23
Modified
2024-10-10 14:39
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48594
Vulnerability from cvelistv5
Published
2023-08-09 18:18
Modified
2024-10-10 12:49
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48590
Vulnerability from cvelistv5
Published
2023-08-09 17:57
Modified
2024-10-10 14:45
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48585
Vulnerability from cvelistv5
Published
2023-08-09 17:42
Modified
2024-10-10 14:50
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48585/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:50:28.410090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:50:45.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:42:14.525Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48585/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48585",
"datePublished": "2023-08-09T17:42:14.525Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:50:45.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48589
Vulnerability from cvelistv5
Published
2023-08-09 17:54
Modified
2024-10-10 14:46
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48589/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:45:41.278746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:46:02.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:54:20.181Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48589/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48589",
"datePublished": "2023-08-09T17:54:20.181Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:46:02.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48582
Vulnerability from cvelistv5
Published
2023-08-09 17:11
Modified
2024-10-10 14:53
Severity ?
EPSS score ?
Summary
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48582/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:00.582430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:53:17.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:11:15.231Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48582/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48582",
"datePublished": "2023-08-09T17:11:15.231Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:53:17.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48588
Vulnerability from cvelistv5
Published
2023-08-09 17:47
Modified
2024-10-10 14:46
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48588/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:46:40.291778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:46:51.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:47:49.705Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48588/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48588",
"datePublished": "2023-08-09T17:47:49.705Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:46:51.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48587
Vulnerability from cvelistv5
Published
2023-08-09 17:46
Modified
2024-10-10 14:49
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48587/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:49:06.892782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:49:15.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:46:05.699Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48587/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48587",
"datePublished": "2023-08-09T17:46:05.699Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:49:15.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48603
Vulnerability from cvelistv5
Published
2023-08-09 18:34
Modified
2024-10-10 12:48
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48604
Vulnerability from cvelistv5
Published
2023-08-09 18:35
Modified
2024-10-10 12:48
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48598
Vulnerability from cvelistv5
Published
2023-08-09 18:25
Modified
2024-10-10 18:22
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48602
Vulnerability from cvelistv5
Published
2023-08-09 18:33
Modified
2024-10-10 12:48
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48595
Vulnerability from cvelistv5
Published
2023-08-09 18:19
Modified
2024-10-10 14:41
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Version: 11.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}