CVE-2022-48596

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48596 is a SQL injection vulnerability discovered in the "ticket queue watchers" feature of ScienceLogic SL1. The vulnerability arises from the application's failure to sanitize user-controlled input, allowing attackers to inject malicious SQL queries that can be executed against the database. Successful exploitation of this vulnerability could result in unauthorized data access, modification, or even complete database takeover. Organizations using ScienceLogic SL1 should apply the available patch as soon as possible to mitigate this risk.
