CISA Adds ScienceLogic SL1 Unspecified Vulnerability to KEV Catalog
- From the site: Vulnerability (cybersecuritynews.com)
Author: Dhivya
CISA has recently added a critical security vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
This addition underscores the urgent need for organizations to address this vulnerability promptly to mitigate potential security risks.
The vulnerability tracked as CVE-2024-9537 has been assigned a CVSS v4 score of 9.3, indicating its critical severity.
It affects ScienceLogic SL1 (formerly known as EM7) and involves an unspecified third-party component packaged with the software.
The exact nature of the vulnerability has not been disclosed, but it could potentially lead to remote code execution.
Affected Versions and Fixes
ScienceLogic has addressed the vulnerability in the following versions:
- 12.1.3 and later
- 12.2.3 and later
- 12.3 and later
Additionally, remediations have been made available for older versions, including 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The vulnerability has reportedly been exploited as a zero-day.
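The version list above can be turned into a quick inventory triage. The following is an added example, not ScienceLogic or CISA code; it assumes that "12.1.3 and later" and "12.2.3 and later" apply within their own release branches, and the host names and versions in the sample inventory are constructed.

```python
import re

# Thresholds taken from the article's version list.
FIXED_PATCH_IN_BRANCH = {(12, 1): 3, (12, 2): 3}   # 12.1.3+, 12.2.3+
FIXED_FROM_BRANCH = (12, 3)                        # 12.3 and later
# Older branches with a remediation available; the version number alone
# cannot show whether that remediation has been applied.
REMEDIATION_BRANCHES = {(10, 1), (10, 2), (11, 1), (11, 2), (11, 3)}


def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))         # pad "12.3" to (12, 3, 0)


def triage(version):
    """Classify one SL1 version against the article's fixed-release list."""
    parsed = parse_version(version)
    branch, patch = parsed[:2], parsed[2]
    if branch >= FIXED_FROM_BRANCH:
        return "fixed"
    if branch in FIXED_PATCH_IN_BRANCH:
        return "fixed" if patch >= FIXED_PATCH_IN_BRANCH[branch] else "upgrade"
    if branch in REMEDIATION_BRANCHES:
        return "remediate"                         # confirm the remediation is applied
    return "unknown"                               # branch not named in the article


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "sl1-prod-01": "12.1.2",
    "sl1-prod-02": "12.2.3",
    "sl1-lab-01": "11.2.4",
    "sl1-dr-01": "12.3",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "remediate" or "unknown" need a manual check against the vendor's guidance, since the article does not say how a remediated older release identifies itself.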
Cloud hosting provider Rackspace acknowledged an issue with their ScienceLogic EM7 Portal, which resulted in unauthorized access to three internal Rackspace monitoring web servers.
This incident highlights the real-world impact of the vulnerability and the urgency of applying the necessary patches.
Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by November 11, 2024, to protect their networks against potential threats.
Including this vulnerability in the KEV catalog signifies its high risk to organizations. CISA strongly recommends that private businesses, industry, and state, local, tribal, and territorial (SLTT) governments prioritize mitigating vulnerabilities listed in the catalog.
Adding the ScienceLogic SL1 vulnerability to CISA’s KEV catalog is a crucial reminder of the ongoing threats organizations face.