Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
50 vulnerabilities found for SL 1 by ScienceLogic
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from cvelistv5 – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from cvelistv5 – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48604 (GCVE-0-2022-48604)
Vulnerability from nvd – Published: 2023-08-09 18:35 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:47:54.337625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:06.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201clogging export\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:35:32.937Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48604/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48604",
"datePublished": "2023-08-09T18:35:32.937Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:06.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48603 (GCVE-0-2022-48603)
Vulnerability from nvd – Published: 2023-08-09 18:34 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:23.177143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:32.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer iframe\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:34:48.333Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48603/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48603",
"datePublished": "2023-08-09T18:34:48.333Z",
"dateReserved": "2023-08-09T16:58:35.314Z",
"dateUpdated": "2024-10-10T12:48:32.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48602 (GCVE-0-2022-48602)
Vulnerability from nvd – Published: 2023-08-09 18:33 – Updated: 2024-10-10 12:48
VLAI
Summary
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:48:45.899514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:48:53.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cmessage viewer print\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:33:39.915Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48602/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48602",
"datePublished": "2023-08-09T18:33:39.915Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T12:48:53.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48601 (GCVE-0-2022-48601)
Vulnerability from nvd – Published: 2023-08-09 18:32 – Updated: 2024-10-09 20:45
VLAI
Summary
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:45:14.398612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:45:22.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnetwork print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:32:30.423Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48601/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48601",
"datePublished": "2023-08-09T18:32:30.423Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:45:22.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48600 (GCVE-0-2022-48600)
Vulnerability from nvd – Published: 2023-08-09 18:28 – Updated: 2024-10-09 20:48
VLAI
Summary
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:48:20.104920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:48:30.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cnotes view\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:28:29.476Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48600/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48600",
"datePublished": "2023-08-09T18:28:29.476Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:48:30.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48599 (GCVE-0-2022-48599)
Vulnerability from nvd – Published: 2023-08-09 18:26 – Updated: 2024-10-09 20:50
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:50:16.427813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:50:26.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:26:24.798Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48599/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48599",
"datePublished": "2023-08-09T18:26:24.798Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-09T20:50:26.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48598 (GCVE-0-2022-48598)
Vulnerability from nvd – Published: 2023-08-09 18:25 – Updated: 2024-10-10 18:22
VLAI
Summary
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:22:10.631782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T18:22:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201creporter events type date\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:25:02.473Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48598/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48598",
"datePublished": "2023-08-09T18:25:02.473Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T18:22:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48597 (GCVE-0-2022-48597)
Vulnerability from nvd – Published: 2023-08-09 18:23 – Updated: 2024-10-10 14:39
VLAI
Summary
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:39:23.947486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:39:47.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket event report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:23:45.708Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48597/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48597",
"datePublished": "2023-08-09T18:23:45.708Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:39:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48596 (GCVE-0-2022-48596)
Vulnerability from nvd – Published: 2023-08-09 18:21 – Updated: 2024-10-10 14:40
VLAI
Summary
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:40:11.690850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:40:43.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket queue watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:21:34.551Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48596/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48596",
"datePublished": "2023-08-09T18:21:34.551Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:40:43.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48595 (GCVE-0-2022-48595)
Vulnerability from nvd – Published: 2023-08-09 18:19 – Updated: 2024-10-10 14:41
VLAI
Summary
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:41:02.549738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:41:13.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket template watchers\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:19:24.967Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48595/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48595",
"datePublished": "2023-08-09T18:19:24.967Z",
"dateReserved": "2023-08-09T16:58:35.313Z",
"dateUpdated": "2024-10-10T14:41:13.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48594 (GCVE-0-2022-48594)
Vulnerability from nvd – Published: 2023-08-09 18:18 – Updated: 2024-10-10 12:49
VLAI
Summary
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T12:49:08.704786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:49:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cticket watchers email\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:18:03.553Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48594/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48594",
"datePublished": "2023-08-09T18:18:03.553Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T12:49:18.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48593 (GCVE-0-2022-48593)
Vulnerability from nvd – Published: 2023-08-09 18:14 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:15.398726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:26.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201ctopology data service\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:14:54.986Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48593/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48593",
"datePublished": "2023-08-09T18:14:54.986Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:26.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48592 (GCVE-0-2022-48592)
Vulnerability from nvd – Published: 2023-08-09 18:09 – Updated: 2024-10-10 14:42
VLAI
Summary
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:42:48.471671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:42:58.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_country parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:09:37.218Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48592/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48592",
"datePublished": "2023-08-09T18:09:37.218Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:42:58.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48591 (GCVE-0-2022-48591)
Vulnerability from nvd – Published: 2023-08-09 18:04 – Updated: 2024-10-10 14:43
VLAI
Summary
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:43:31.068984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:43:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the vendor_state parameter of the \u201cvendor print report\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T18:13:27.118Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48591/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48591",
"datePublished": "2023-08-09T18:04:59.797Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:43:43.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48590 (GCVE-0-2022-48590)
Vulnerability from nvd – Published: 2023-08-09 17:57 – Updated: 2024-10-10 14:45
VLAI
Summary
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScienceLogic | SL 1 |
Affected:
11.1.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:44:29.251425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:45:17.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SL 1",
"vendor": "ScienceLogic",
"versions": [
{
"status": "affected",
"version": "11.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ryan Wincey @rwincey @Securifera"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"value": "A SQL injection vulnerability exists in the \u201cadmin dynamic app mib errors\u201d feature of the ScienceLogic SL1 that takes unsanitized user\u2010controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T17:57:42.896Z",
"orgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"shortName": "Securifera"
},
"references": [
{
"url": "https://www.securifera.com/advisories/cve-2022-48590/"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "c35fbbdf-8d87-49b6-8120-920a36e62b7f",
"assignerShortName": "Securifera",
"cveId": "CVE-2022-48590",
"datePublished": "2023-08-09T17:57:42.896Z",
"dateReserved": "2023-08-09T16:58:35.312Z",
"dateUpdated": "2024-10-10T14:45:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}