CVE-2022-48584

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78

Summary

CVE-2022-48584 is a command injection vulnerability affecting the ScienceLogic SL1's download and convert report feature. The issue arises from the system's failure to sanitize user-controlled input, allowing malicious commands to be directly passed to the underlying operating system. This vulnerability poses a significant risk as an attacker can execute arbitrary commands, potentially leading to unauthorized system access, data theft or system compromise. Organizations utilizing ScienceLogic SL1 are advised to apply the necessary patches or updates as soon as possible to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share