Search
Find a vulnerability
Search criteria
25 vulnerabilities
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48589 (GCVE-0-2022-48589)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:54 – Updated: 2024-10-10 14:46
VLAI
Summary
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48589/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:45:41.278746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:46:02.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporting job editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:54:20.181Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48589/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48589",
"datePublished": "2023-08-09T17:54:20.181Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:46:02.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48588 (GCVE-0-2022-48588)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:47 – Updated: 2024-10-10 14:46
VLAI
Summary
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48588/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:46:40.291778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:46:51.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cschedule editor decoupled\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:47:49.705Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48588/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48588",
"datePublished": "2023-08-09T17:47:49.705Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:46:51.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48587 (GCVE-0-2022-48587)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:46 – Updated: 2024-10-10 14:49
VLAI
Summary
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48587/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:49:06.892782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:49:15.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cschedule editor\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:46:05.699Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48587/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48587",
"datePublished": "2023-08-09T17:46:05.699Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:49:15.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48586 (GCVE-0-2022-48586)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:44 – Updated: 2024-10-10 14:49
VLAI
Summary
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48586/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:49:37.475311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:49:50.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cjson walker\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:44:56.747Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48586/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48586",
"datePublished": "2023-08-09T17:44:56.747Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:49:50.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48585 (GCVE-0-2022-48585)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:42 – Updated: 2024-10-10 14:50
VLAI
Summary
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48585/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:50:28.410090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:50:45.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin brand portal\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:42:14.525Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48585/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48585",
"datePublished": "2023-08-09T17:42:14.525Z",
"dateReserved": "2023-08-09T16:58:35.311Z",
"dateUpdated": "2024-10-10T14:50:45.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48584 (GCVE-0-2022-48584)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:29 – Updated: 2024-10-10 14:51
VLAI
Summary
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48584/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:51:32.177933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:51:50.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:29:49.944Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48584/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48584",
"datePublished": "2023-08-09T17:29:49.944Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:51:50.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48583 (GCVE-0-2022-48583)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:13 – Updated: 2024-10-10 14:52
VLAI
Summary
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48583/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:52:27.630862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:52:38.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:13:54.494Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48583/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48583",
"datePublished": "2023-08-09T17:13:54.494Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:52:38.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48582 (GCVE-0-2022-48582)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:11 – Updated: 2024-10-10 14:53
VLAI
Summary
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48582/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:00.582430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:53:17.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:11:15.231Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48582/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48582",
"datePublished": "2023-08-09T17:11:15.231Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:53:17.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48581 (GCVE-0-2022-48581)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:08 – Updated: 2024-10-10 14:53
VLAI
Summary
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48581/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:53:40.675177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:53:54.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. "
}
],
"value": "A command injection vulnerability exists in the \u201cdash export\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:08:11.636Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48581/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48581",
"datePublished": "2023-08-09T17:08:11.636Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:53:54.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48580 (GCVE-0-2022-48580)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:02 – Updated: 2024-10-10 14:54
VLAI
Summary
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48580/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:54:41.377178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:54:53.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Weiler"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in the \u201cARP ping device tool\u201d feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u0026nbsp;the injection of arbitrary commands to the underlying operating system."
}
],
"value": "A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for\u00a0the injection of arbitrary commands to the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:07:52.058Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48580/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48580",
"datePublished": "2023-08-09T17:02:24.923Z",
"dateReserved": "2023-08-09T16:58:35.310Z",
"dateUpdated": "2024-10-10T14:54:53.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}