CVE-2022-48584
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2022-48584 is a command injection vulnerability affecting the ScienceLogic SL1's download and convert report feature. The issue arises from the system's failure to sanitize user-controlled input, allowing malicious commands to be directly passed to the underlying operating system. This vulnerability poses a significant risk as an attacker can execute arbitrary commands, potentially leading to unauthorized system access, data theft or system compromise. Organizations utilizing ScienceLogic SL1 are advised to apply the necessary patches or updates as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.