Vulnerabilities > Sciencelogic

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-9537 Unspecified vulnerability in Sciencelogic SL1
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1.
network
low complexity
sciencelogic
critical
9.8
2023-08-09 CVE-2022-48591 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48592 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48593 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48594 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48595 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48596 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48597 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48598 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8
2023-08-09 CVE-2022-48599 SQL Injection vulnerability in Sciencelogic SL1
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.
network
low complexity
sciencelogic CWE-89
8.8