CVE-2022-48583

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78

Summary

CVE-2022-48583 is a critical command injection vulnerability affecting the dashboard scheduler feature of ScienceLogic SL1. maliciously crafted user inputs can bypass input validation and are directly passed to shell commands, allowing an attacker to execute arbitrary commands on the underlying operating system. This vulnerability poses a significant risk for unauthorized system access and data theft or manipulation. Successful exploitation could lead to serious consequences, including privilege escalation and data exfiltration. It is strongly recommended that affected organizations apply the available patch as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share