CVE-2022-48581

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Aug 11, 2023
CWE ID 78

Summary

CVE-2022-48581 is a command injection vulnerability affecting the "dash export" feature of ScienceLogic SL1. The issue arises from unsanitized user-controlled input being directly passed to a shell command, enabling attackers to inject arbitrary commands and potentially gain unauthorized access to the underlying operating system. This vulnerability poses a significant risk and requires immediate attention from ScienceLogic SL1 users to implement necessary patches or mitigations to protect their systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share