PT-2024-39683 · Sciencelogic · Sciencelogic Sl1

Ynezz@Ynezzor · Published 2024-10-18 · Updated 2024-11-04 · CVE-2024-9537

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ScienceLogic SL1 versions prior to 12.1.3
ScienceLogic SL1 versions prior to 12.2.3
ScienceLogic SL1 versions prior to 12.3+
ScienceLogic SL1 versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x

Description

The issue involves an unspecified vulnerability in an unspecified third-party component packaged with ScienceLogic SL1. This vulnerability allows for remote code execution and has been exploited in the wild, including a security incident at Rackspace. The estimated number of potentially affected devices is not specified.

Recommendations

For ScienceLogic SL1 versions prior to 12.1.3, update to version 12.1.3 or later.
For ScienceLogic SL1 versions prior to 12.2.3, update to version 12.2.3 or later.
For ScienceLogic SL1 versions prior to 12.3+, update to version 12.3+ or later.
For ScienceLogic SL1 versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x, apply the available remediations to mitigate the vulnerability.

As a temporary workaround, consider restricting access to the vulnerable component until a patch is available.

Fix

Related Identifiers

CVE-2024-9537

Affected Products

Sciencelogic Sl1