CVE-2022-48594

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023

Updated: Nov 7, 2023

CWE ID 78

CWE ID 89

Summary

CVE-2022-48594 is a SQL injection vulnerability affecting ScienceLogic SL1's "ticket watchers email" feature. The issue arises due to unsanitized user input that is directly incorporated into SQL queries, enabling attackers to inject arbitrary SQL code before it is executed against the database. This vulnerability poses a serious threat, as it allows unauthorized access, data manipulation, and extraction. It is crucial for ScienceLogic SL1 users to apply the necessary patches or updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sR50vH
https://www.cve.org/CVERecord?id=CVE-2022-48594
https://nvd.nist.gov/vuln/detail/CVE-2022-48594

Back to Vulnerability Database

CVE-2022-48594

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations