CVE-2024-9537
ScienceLogic SL1 unspecified vulnerability
In short
The ScienceLogic SL1 monitoring platform contains a critical vulnerability in one of its third-party components that could allow attackers to compromise the system. The exact nature of the flaw is not disclosed, but it affects multiple versions and requires immediate patching.
Technical detail
An unspecified third-party component integrated into ScienceLogic SL1 contains a critical vulnerability (CVSS 9.3) with unspecified attack vectors and impact. Affected versions include 10.1.x through 12.2.x; patches are available in SL1 12.1.3+, 12.2.3+, and 12.3+, with backports provided for earlier version lines.
Summary generated and translated by AI from the official description.
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Red
Affected products
ScienceLogic · SL1
References
https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/
https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://support.sciencelogic.com/s/article/15465
https://support.sciencelogic.com/s/article/15527
https://twitter.com/ynezzor/status/1839931641172467907
https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537
https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/