CVE-2024-9537

CRITICAL KEV

ScienceLogic SL1 - Unspecified Vuln

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-9537 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 21, 2024.

Description

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.

References (10)

Core 10
Core References
Permissions Required vendor-advisory
https://support.sciencelogic.com/s/article/15465
Permissions Required vendor-advisory
https://support.sciencelogic.com/s/article/15527
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537

Scores

CVSS v3 9.8
EPSS 0.6391
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-10-21
VulnCheck KEV 2024-09-28
InTheWild.io 2024-10-21
ENISA EUVD EUVD-2024-49996
Status published
Products (1)
sciencelogic/sl1 10.1.0 - 12.1.3
Published Oct 18, 2024
KEV Added Oct 21, 2024
Tracked Since Feb 18, 2026