CISA Adds ScienceLogic SL1 Unspecified Vulnerability to KEV Catalog


CISA has recently added a critical security vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.

This addition underscores the urgent need for organizations to address this vulnerability promptly to mitigate potential security risks.

The vulnerability, tracked as CVE-2024-9537, has been assigned a CVSS v4 score of 9.3, indicating its critical severity.

It affects ScienceLogic SL1 (formerly known as EM7) and involves an unspecified third-party component packaged with the software.

The exact nature of the vulnerability has not been disclosed, but it could potentially lead to remote code execution.

Affected Versions and Fixes

ScienceLogic has addressed the vulnerability in the following versions:

  • 12.1.3 and later
  • 12.2.3 and later
  • 12.3 and later

Additionally, remediations have been made available for older versions, including 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The vulnerability has reportedly been exploited as a zero-day.

Cloud hosting provider Rackspace acknowledged an issue with its ScienceLogic EM7 Portal, which resulted in unauthorized access to three internal Rackspace monitoring web servers.

This incident highlights the real-world impact of the vulnerability and the urgency of applying the necessary patches.

By adding CVE-2024-9537 to the KEV catalog, CISA aims to alert organizations to the critical nature of this vulnerability and the need for immediate action.

Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by November 11, 2024, to protect their networks against potential threats.

Including this vulnerability in the KEV catalog signifies its high risk to organizations. CISA strongly recommends that private businesses, industry, and state, local, tribal, and territorial (SLTT) governments prioritize mitigating vulnerabilities listed in the catalog.

Adding the ScienceLogic SL1 vulnerability to CISA's KEV catalog is an important reminder of the ongoing threats organizations face.

By promptly addressing this vulnerability and staying vigilant about emerging security risks, organizations can significantly enhance their cybersecurity posture and protect their critical assets from potential exploitation.
