CVE-2022-48684

{"id": "CVE-2022-48684", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-04-27T23:15:06.110", "references": [{"url": "https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.1.1. Se observ\u00f3 inyecci\u00f3n de plantilla en la plantilla de b\u00fasqueda. La plantilla de b\u00fasqueda utiliza plantillas jinja para generar datos din\u00e1micos. Se podr\u00eda abusar de esto para lograr la ejecuci\u00f3n del c\u00f3digo. Cualquier usuario con acceso para crear una plantilla de b\u00fasqueda puede aprovechar esto para ejecutar c\u00f3digo como usuario de inicio de sesi\u00f3n."}], "lastModified": "2025-04-18T19:06:28.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA55DD4A-1A4B-4098-8290-09669C363437", "versionEndExcluding": "7.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}