Advisory ID: LVD-2022-0002
CVSSv 3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSSv 3.1 Base Score: 8.4
Severity: High
CVE: CVE-2022-48684
Date Published: 2022-09-28
Last Updated: 2022-10-12
Description
Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to gain code execution. Any user with the access to create a search template can use this vulnerability to execute code in the system as loginspect user.
Affected Product
Logpoint versions 7.1.0 and earlier.
Solution
Upgrade to Logpoint version 7.1.1.
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Comments
Article is closed for comments.