CVE-2024-9537 is a vulnerability in Sciencelogic Sl1
Published on October 18, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
Known Exploited Vulnerability
This ScienceLogic SL1 Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.
The following remediation steps are recommended / required by November 11, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-9537 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2024-9537
You can be notified by stack.watch whenever vulnerabilities like CVE-2024-9537 are published in these products:
What versions of Sl1 are vulnerable to CVE-2024-9537?
-
Sciencelogic Sl1
Version 12.2.0
Fixed in Version 12.2.3
-
Sciencelogic Sl1
Version 10.1.0
Fixed in Version 12.1.3