CVE-2022-48597

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 78
CWE ID 89

Summary

CVE-2022-48597 is a SQL injection vulnerability discovered in the "ticket event report" feature of ScienceLogic SL1. The issue stems from unsanitized user input being directly incorporated into SQL queries, enabling attackers to inject arbitrary SQL code. This vulnerability poses a significant threat as it allows unauthorized access to sensitive data and the ability to manipulate or delete information. Successful exploitation could lead to serious consequences, including data theft and system compromise. It is strongly advised that affected organizations apply the available patch or implement appropriate input validation measures to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share