Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
54 vulnerabilities found for SL1 by ScienceLogic
CVE-2025-58780 (GCVE-0-2025-58780)
Vulnerability from nvd – Published: 2025-09-05 00:00 – Updated: 2025-09-08 20:44 Disputed
VLAI?
Summary
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL1 |
Affected:
0 , < 12.1.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T15:03:52.161110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T15:04:52.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SL1",
"vendor": "ScienceLogic",
"versions": [
{
"lessThan": "12.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it \"inaccurately describes the vulnerability.\""
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:44:05.246Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1"
},
{
"url": "https://github.com/SexyShoelessGodofWar/CVE-2025-58780"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-58780",
"datePublished": "2025-09-05T00:00:00.000Z",
"dateReserved": "2025-09-05T00:00:00.000Z",
"dateUpdated": "2025-09-08T20:44:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9537 (GCVE-0-2024-9537)
Vulnerability from nvd – Published: 2024-10-18 14:45 – Updated: 2025-10-21 22:55 X_Known Exploited Vulnerability
VLAI?
Title
ScienceLogic SL1 unspecified vulnerability
Summary
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL1 |
Affected:
0 , < 12.1.3
(custom)
Affected: 0 , < 12.2.3 (custom) Affected: 0 , < 12.3 (custom) Affected: 0 , < 10.1.x (custom) Affected: 0 , < 10.2.x (custom) Affected: 0 , < 11.1.x (custom) Affected: 0 , < 11.2.x (custom) Affected: 0 , < 11.3.x (custom) |
Date Public ?
2024-09-24 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9537",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T15:09:27.600862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:42.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-21T00:00:00.000Z",
"value": "CVE-2024-9537 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SL1",
"vendor": "ScienceLogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T15:50:25.109Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://rackspace.service-now.com/system_status?id=detailed_status\u0026service=4dafca5a87f41610568b206f8bbb35a6"
},
{
"url": "https://twitter.com/ynezzor/status/1839931641172467907"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sciencelogic.com/s/article/15465"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sciencelogic.com/s/article/15527"
},
{
"tags": [
"release-notes"
],
"url": "https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "ScienceLogic SL1 unspecified vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-9537",
"datePublished": "2024-10-18T14:45:02.147Z",
"dateReserved": "2024-10-04T17:48:28.986Z",
"dateUpdated": "2025-10-21T22:55:42.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from nvd – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from nvd – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from nvd – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from nvd – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI?
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from nvd – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI?
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from nvd – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from nvd – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from nvd – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from nvd – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from nvd – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from nvd – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from nvd – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from nvd – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from nvd – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from nvd – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI?
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58780 (GCVE-0-2025-58780)
Vulnerability from cvelistv5 – Published: 2025-09-05 00:00 – Updated: 2025-09-08 20:44 Disputed
VLAI?
Summary
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL1 |
Affected:
0 , < 12.1.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T15:03:52.161110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T15:04:52.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SL1",
"vendor": "ScienceLogic",
"versions": [
{
"lessThan": "12.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it \"inaccurately describes the vulnerability.\""
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T20:44:05.246Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1"
},
{
"url": "https://github.com/SexyShoelessGodofWar/CVE-2025-58780"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-58780",
"datePublished": "2025-09-05T00:00:00.000Z",
"dateReserved": "2025-09-05T00:00:00.000Z",
"dateUpdated": "2025-09-08T20:44:05.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9537 (GCVE-0-2024-9537)
Vulnerability from cvelistv5 – Published: 2024-10-18 14:45 – Updated: 2025-10-21 22:55 X_Known Exploited Vulnerability
VLAI?
Title
ScienceLogic SL1 unspecified vulnerability
Summary
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL1 |
Affected:
0 , < 12.1.3
(custom)
Affected: 0 , < 12.2.3 (custom) Affected: 0 , < 12.3 (custom) Affected: 0 , < 10.1.x (custom) Affected: 0 , < 10.2.x (custom) Affected: 0 , < 11.1.x (custom) Affected: 0 , < 11.2.x (custom) Affected: 0 , < 11.3.x (custom) |
Date Public ?
2024-09-24 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sciencelogic:sl1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sl1",
"vendor": "sciencelogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9537",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T15:09:27.600862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:42.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-21T00:00:00.000Z",
"value": "CVE-2024-9537 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SL1",
"vendor": "ScienceLogic",
"versions": [
{
"lessThan": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.1.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T15:50:25.109Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://rackspace.service-now.com/system_status?id=detailed_status\u0026service=4dafca5a87f41610568b206f8bbb35a6"
},
{
"url": "https://twitter.com/ynezzor/status/1839931641172467907"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sciencelogic.com/s/article/15465"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sciencelogic.com/s/article/15527"
},
{
"tags": [
"release-notes"
],
"url": "https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "ScienceLogic SL1 unspecified vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-9537",
"datePublished": "2024-10-18T14:45:02.147Z",
"dateReserved": "2024-10-04T17:48:28.986Z",
"dateUpdated": "2025-10-21T22:55:42.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI?
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI?
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}