CVE-2024-9537

Name: CVE-2024-9537
Creator: NVD / NIST
Published: 2024-10-18T15:15:04.17+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.3/10Actively ExploitedEPSS 3.85%

Last modified Jun 17, 2026

CVE-2024-9537 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. CISA has confirmed active exploitation in the wild. EPSS estimates a 3.85% chance of exploitation in the next 30 days.

Description

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

9.3/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red

EPSS Probability

3.85%

88.8th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Nov 11, 2024.

Affected Software

Vendor	Product	Versions
Sciencelogic	Sl1	>= 10.1.0, < 12.1.3
Sciencelogic	Sl1	>= 12.2.0, < 12.2.3

References

https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/Press/Media Coverage
https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690Vendor Advisory
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6Third Party Advisory
https://support.sciencelogic.com/s/article/15465Permissions Required
https://support.sciencelogic.com/s/article/15527Permissions Required
https://twitter.com/ynezzor/status/1839931641172467907Third Party Advisory
https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537Third Party Advisory, US Government Resource
https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9537US Government Resource

Timeline

Published: Oct 18, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-9537?

How severe is CVE-2024-9537?

CVE-2024-9537 has a CVSS score of 9.3/10 (CRITICAL severity). The EPSS model estimates a 3.85% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2024-9537?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-9537?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST