Search criteria
50 vulnerabilities found for SL 1 by ScienceLogic
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI?
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI?
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI?
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from nvd – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from nvd – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from nvd – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI?
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from nvd – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI?
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from nvd – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI?
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from nvd – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from nvd – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI?
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from nvd – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from nvd – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from nvd – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from nvd – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI?
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from nvd – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from nvd – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from nvd – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI?
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from nvd – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI?
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
Ryan Wincey @rwincey @Securifera
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}