CVE-2024-9537

Known Exploited
ScienceLogic SL1 unspecified vulnerability

Description

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.

9.3
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 21.10% Top 5%
KEV Since 
Vendor Advisory sciencelogic.com Vendor Advisory sciencelogic.com Vendor Advisory sciencelogic.com
Affected: ScienceLogic SL1
Published at:
Updated at:

References

Link Tags
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6 third party advisory
https://twitter.com/ynezzor/status/1839931641172467907 third party advisory
https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/ media coverage press/media coverage
https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/ third party advisory press/media coverage
https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/ media coverage press/media coverage
https://support.sciencelogic.com/s/article/15465 vendor advisory permissions required
https://support.sciencelogic.com/s/article/15527 vendor advisory permissions required
https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690 release notes vendor advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537 third party advisory us government resource government resource

Frequently Asked Questions

What is the severity of CVE-2024-9537?
CVE-2024-9537 has been scored as a critical severity vulnerability.
How to fix CVE-2024-9537?
To fix CVE-2024-9537, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-9537 being actively exploited in the wild?
It is confirmed that CVE-2024-9537 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~21% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9537?
CVE-2024-9537 affects ScienceLogic SL1.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.