CVE-2022-48595: 
ScienceLogic SL1 Agent vulnerability analysis and mitigation

A SQL injection vulnerability (CVE-2022-48595) was discovered in the "ticket template watchers" feature of ScienceLogic SL1 versions 11.1.2 and earlier. The vulnerability was disclosed on August 9, 2023, and it occurs when unsanitized user-controlled input is passed directly to a SQL query (Securifera).

The vulnerability allows for the injection of arbitrary SQL commands that are executed against the database. The severity of this vulnerability is rated as High with a CVSS v3.1 score of 8.8, characterized by Network attack vector, Low attack complexity, Low privileges required, No user interaction needed, and High impact on confidentiality, integrity, and availability (Securifera).

The vulnerability can lead to unauthorized access to the database, potentially allowing attackers to view, modify, or delete sensitive data. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (Securifera).

Users are advised to update to the latest version of ScienceLogic SL1 beyond version 11.1.2 to address this vulnerability (Securifera).

The disclosure process involved significant vendor interaction, with initial notification on September 6, 2022. The vendor initially refused CVE issuance and disclosure, hiring a law firm to manage the process. After several months of discussion, the vulnerability was finally publicly disclosed on August 9, 2023 (Securifera).