CVE-2022-48581: 
ScienceLogic SL1 Agent vulnerability analysis and mitigation

A command injection vulnerability (CVE-2022-48581) was discovered in the "dash export" feature of ScienceLogic SL1 versions 11.1.2 and earlier. The vulnerability was disclosed on August 9, 2023, and allows unsanitized user-controlled input to be passed directly to a shell command (Securifera).

The vulnerability has been assigned a CVSS v3.1 score of 8.8 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs low privileges, and can result in high impacts to confidentiality, integrity, and availability (Securifera).

Successful exploitation of this vulnerability allows attackers to inject arbitrary commands to the underlying operating system, potentially leading to complete system compromise (Securifera).

Users are advised to update to the latest version of ScienceLogic SL1 beyond version 11.1.2 to address this vulnerability (Securifera).

The disclosure process involved significant resistance from the vendor, who initially refused CVE issuance and disclosure. The vendor hired a law firm to manage the disclosure process, and their legal team strongly advised against disclosing to MITRE. The vulnerability was finally disclosed publicly on August 9, 2023, after the researcher notified the vendor of intent to issue CVEs (Securifera).