cvebase

ScienceLogic SL1 vulnerabilities

27 known vulnerabilities affecting sciencelogic/sl1.

Total CVEs: 27
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 26

Vulnerabilities

Page 1 of 2
CVE-2024-9537 | P1 | CRITICAL | CVSS 9.8 | KEV | ≥ 10.1.0, < 12.1.3; ≥ 12.2.0, < 12.2.3; +8 more | 2024-10-18
CVE-2024-9537 [CRITICAL]: ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
nvd
CVE-2022-48580 | P2 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48580 [HIGH] CWE-78: A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
nvd
CVE-2022-48582 | P2 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48582 [HIGH] CWE-78: A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
nvd
CVE-2022-48581 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48581 [HIGH] CWE-78: A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
nvd
CVE-2022-48584 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48584 [HIGH] CWE-78: A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
nvd
CVE-2022-48583 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48583 [HIGH] CWE-78: A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
nvd
CVE-2022-48601 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48601 [HIGH] CWE-78: A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48586 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48586 [HIGH] CWE-78: A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48604 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48604 [HIGH] CWE-78: A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48598 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48598 [HIGH] CWE-78: A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48597 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48597 [HIGH] CWE-78: A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48589 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48589 [HIGH] CWE-78: A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48599 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48599 [HIGH] CWE-78: A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48594 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48594 [HIGH] CWE-78: A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48587 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48587 [HIGH] CWE-78: A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48596 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48596 [HIGH] CWE-78: A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48595 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48595 [HIGH] CWE-78: A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48588 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48588 [HIGH] CWE-78: A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48603 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48603 [HIGH] CWE-78: A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd
CVE-2022-48602 | P3 | HIGH | CVSS 8.8 | ≤ 11.1.2 | 2023-08-09
CVE-2022-48602 [HIGH] CWE-78: A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
nvd