CVE-2022-48587

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48587 is a SQL injection vulnerability identified in the "schedule editor" feature of ScienceLogic SL1. The issue arises due to unsanitized user input that is directly incorporated into SQL queries. Malicious actors can exploit this flaw to inject arbitrary SQL code, potentially gaining unauthorized access to sensitive database information or causing other unintended consequences. This vulnerability poses a significant risk to organizations using the affected ScienceLogic product and necessitates immediate patching to mitigate the threat.
