CVE-2022-48684

Published: Apr 27, 2024Modified: Apr 18, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user.

Affected (1)

Products: Logpoint: Siem

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logpoint Siem	Before 7.1.1

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template

Source: cve@mitre.org

Vendor Advisory

https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.