CVE-2024-9537

EUVD-2024-49996
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+.  Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
sciencelogicsl1
10.1.0 ≤
𝑥
< 12.1.3
sciencelogicsl1
12.2.0 ≤
𝑥
< 12.2.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
sciencelogicsl1
𝑥
< 12.1.3
ADP
sciencelogicsl1
𝑥
< 12.2.3
ADP
sciencelogicsl1
𝑥
< 12.3
ADP
sciencelogicsl1
𝑥
< 10.1.x
ADP
sciencelogicsl1
𝑥
< 10.2.x
ADP
sciencelogicsl1
𝑥
< 11.1.x
ADP
sciencelogicsl1
𝑥
< 11.2.x
ADP
sciencelogicsl1
𝑥
< 11.3.x
ADP
References
https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/
https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://support.sciencelogic.com/s/article/15465
https://support.sciencelogic.com/s/article/15527
https://twitter.com/ynezzor/status/1839931641172467907
https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537
https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537