Vulnerability Details CVE-2024-9537
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.332
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.
Ransomware Campaign
Unknown
References
- https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/
- https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690
- https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
- https://support.sciencelogic.com/s/article/15465
- https://support.sciencelogic.com/s/article/15527
- https://twitter.com/ynezzor/status/1839931641172467907
- https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537
- https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/
Products affected by CVE-2024-9537
-
cpe:2.3:a:sciencelogic:sl1:10.1.0
-
cpe:2.3:a:sciencelogic:sl1:10.1.1
-
cpe:2.3:a:sciencelogic:sl1:10.1.2
-
cpe:2.3:a:sciencelogic:sl1:10.1.3
-
cpe:2.3:a:sciencelogic:sl1:10.1.4
-
cpe:2.3:a:sciencelogic:sl1:10.1.5
-
cpe:2.3:a:sciencelogic:sl1:10.1.6
-
cpe:2.3:a:sciencelogic:sl1:10.1.7
-
cpe:2.3:a:sciencelogic:sl1:10.1.8
-
cpe:2.3:a:sciencelogic:sl1:10.2.0
-
cpe:2.3:a:sciencelogic:sl1:10.2.1
-
cpe:2.3:a:sciencelogic:sl1:10.2.2
-
cpe:2.3:a:sciencelogic:sl1:10.2.3
-
cpe:2.3:a:sciencelogic:sl1:10.2.4
-
cpe:2.3:a:sciencelogic:sl1:10.2.4.1
-
cpe:2.3:a:sciencelogic:sl1:10.2.5
-
cpe:2.3:a:sciencelogic:sl1:10.2.6
-
cpe:2.3:a:sciencelogic:sl1:10.2.6.1
-
cpe:2.3:a:sciencelogic:sl1:10.2.7
-
cpe:2.3:a:sciencelogic:sl1:11.1.0
-
cpe:2.3:a:sciencelogic:sl1:11.1.0.1
-
cpe:2.3:a:sciencelogic:sl1:11.1.1
-
cpe:2.3:a:sciencelogic:sl1:11.1.1.2
-
cpe:2.3:a:sciencelogic:sl1:11.1.2
-
cpe:2.3:a:sciencelogic:sl1:11.1.3
-
cpe:2.3:a:sciencelogic:sl1:11.1.4
-
cpe:2.3:a:sciencelogic:sl1:11.1.5
-
cpe:2.3:a:sciencelogic:sl1:11.1.6
-
cpe:2.3:a:sciencelogic:sl1:11.1.6.1
-
cpe:2.3:a:sciencelogic:sl1:11.2.0
-
cpe:2.3:a:sciencelogic:sl1:11.2.2
-
cpe:2.3:a:sciencelogic:sl1:11.2.3
-
cpe:2.3:a:sciencelogic:sl1:11.2.3.1
-
cpe:2.3:a:sciencelogic:sl1:11.3.0
-
cpe:2.3:a:sciencelogic:sl1:11.3.1
-
cpe:2.3:a:sciencelogic:sl1:11.3.1.3
-
cpe:2.3:a:sciencelogic:sl1:11.3.2
-
cpe:2.3:a:sciencelogic:sl1:11.3.2.1
-
cpe:2.3:a:sciencelogic:sl1:12.1.0
-
cpe:2.3:a:sciencelogic:sl1:12.1.0.2
-
cpe:2.3:a:sciencelogic:sl1:12.1.1
-
cpe:2.3:a:sciencelogic:sl1:12.1.2
-
cpe:2.3:a:sciencelogic:sl1:12.2.0
-
cpe:2.3:a:sciencelogic:sl1:12.2.1.1
-
cpe:2.3:a:sciencelogic:sl1:12.2.1.2