SL1
by ScienceLogic
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48586 | 0.00 | — | 0.00 | Aug 9, 2023 | A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||
| CVE-2022-48585 | 0.00 | — | 0.00 | Aug 9, 2023 | A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||
| CVE-2022-48584 | 0.00 | — | 0.00 | Aug 9, 2023 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating… | |||
| CVE-2022-48583 | 0.00 | — | 0.00 | Aug 9, 2023 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||
| CVE-2022-48582 | 0.00 | — | 0.00 | Aug 9, 2023 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||
| CVE-2022-48581 | 0.00 | — | 0.00 | Aug 9, 2023 | A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||
| CVE-2022-48580 | 0.00 | — | 0.00 | Aug 9, 2023 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. |
- CVE-2022-48586Aug 9, 2023risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
- CVE-2022-48585Aug 9, 2023risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
- CVE-2022-48584Aug 9, 2023risk 0.00cvss —epss 0.00
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating…
- CVE-2022-48583Aug 9, 2023risk 0.00cvss —epss 0.00
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
- CVE-2022-48582Aug 9, 2023risk 0.00cvss —epss 0.00
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
- CVE-2022-48581Aug 9, 2023risk 0.00cvss —epss 0.00
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
- CVE-2022-48580Aug 9, 2023risk 0.00cvss —epss 0.00
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Page 2 of 2