CVE-2022-48597
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2022-48597 is a SQL injection vulnerability discovered in the "ticket event report" feature of ScienceLogic SL1. The issue stems from unsanitized user input being directly incorporated into SQL queries, enabling attackers to inject arbitrary SQL code. This vulnerability poses a significant threat as it allows unauthorized access to sensitive data and the ability to manipulate or delete information. Successful exploitation could lead to serious consequences, including data theft and system compromise. It is strongly advised that affected organizations apply the available patch or implement appropriate input validation measures to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.