Sciencelogic Sl1
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sciencelogic Sl1.
Known Exploited Sciencelogic Sl1 Vulnerabilities
The following Sciencelogic Sl1 vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| ScienceLogic SL1 Unspecified Vulnerability |
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component. CVE-2024-9537 Exploit Probability: 63.9% |
October 21, 2024 |
The vulnerability CVE-2024-9537: ScienceLogic SL1 Unspecified Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in Sciencelogic Sl1. Sl1 did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
| 2023 | 25 | 8.80 |
It may take a day or so for new Sl1 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sciencelogic Sl1 Security Vulnerabilities
ScienceLogic SL1 Unspecified VULN in 3rdParty Component (fixed 12.1.3+)
CVE-2024-9537
9.8 - Critical
- October 18, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
SQLi in ScienceLogic SL1 Topology Data Service
CVE-2022-48593
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the topology data service feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQLi in ScienceLogic SL1 Vendor Print Report via vendor_state
CVE-2022-48591
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the vendor_state parameter of the vendor print report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1: SQLi in vendor_country Param
CVE-2022-48592
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the vendor_country parameter of the vendor print report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1 SQLi via Message Viewer IFrame
CVE-2022-48603
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the message viewer iframe feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQL Injection in ScienceLogic SL1 Ticket Watcher Email Feature
CVE-2022-48594
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the ticket watchers email feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQLi in ScienceLogic SL1 Ticket Template Watchers
CVE-2022-48595
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the ticket template watchers feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQLi in ScienceLogic SL1 Ticket Queue Watchers
CVE-2022-48596
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the ticket queue watchers feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1: SQLi in Ticket Event Report via Unsanitized Input
CVE-2022-48597
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the ticket event report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQL Injection in ScienceLogic SL1 Notes View Enables DB Access
CVE-2022-48600
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the notes view feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQLi in ScienceLogic SL1 Reporter Events Type Date Feature
CVE-2022-48598
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the reporter events type date feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQL Injection in ScienceLogic SL1 Logging Export
CVE-2022-48604
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the logging export feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1: SQLi in Message Viewer Print
CVE-2022-48602
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the message viewer print feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
CVE-2022-48601: SQLi in ScienceLogic SL1 Network Print Report
CVE-2022-48601
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the network print report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQLi in ScienceLogic SL1 Reporter Events
CVE-2022-48599
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the reporter events type feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
Cmd Injection in SL1 ARP Ping Device Tool
CVE-2022-48580
8.8 - High
- August 09, 2023
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Shell injection
ScienceLogic SL1 Cmd Inv via dash Export Unsanitized Input
CVE-2022-48581
8.8 - High
- August 09, 2023
A command injection vulnerability exists in the dash export feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Shell injection
ScienceLogic SL1 SQLi in Admin MIB Errors
CVE-2022-48590
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the admin dynamic app mib errors feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1 SQLi via reporting job editor
CVE-2022-48589
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the reporting job editor feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1 SQL Injection via Unsanitized Schedule Editor
CVE-2022-48588
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the schedule editor decoupled feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
SQL Injection in ScienceLogic SL1 Schedule Editor
CVE-2022-48587
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the schedule editor feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1 SQLi via JSON walker
CVE-2022-48586
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the json walker feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
ScienceLogic SL1 SQL Injection via Admin Brand Portal
CVE-2022-48585
8.8 - High
- August 09, 2023
A SQL injection vulnerability exists in the admin brand portal feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL Injection
Command Injection in ScienceLogic SL1 Report Download/Convert
CVE-2022-48584
8.8 - High
- August 09, 2023
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Shell injection
ScienceLogic SL1 Dashboard Scheduler Command Injection
CVE-2022-48583
8.8 - High
- August 09, 2023
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Shell injection
ScienceLogic SL1: Ticket Report CMD Injection (CVE-2022-48582)
CVE-2022-48582
8.8 - High
- August 09, 2023
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sciencelogic Sl1 or by Sciencelogic? Click the Watch button to subscribe.
