Detections
Analytics

ScienceLogic SL1 10.1.x < 12.1.3 / 12.2.x < 12.2.3 (CVE-2024-9537)

critical Nessus Plugin ID 290248

Language:

Synopsis

The remote ScienceLogic SL1 host is affected by a critical unspecified vulnerability.

Description

The version of ScienceLogic SL1 (formerly EM7) installed on the remote host is prior to 12.1.3, 12.2.3, or 12.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9537 advisory.

 - ScienceLogic SL1 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with the platform. Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to perform unauthorized actions on the system. This vulnerability has been observed in active exploitation in the wild. This affects SL1 versions from 10.1.x through 12.1.2 and versions 12.2.x through 12.2.2. (CVE-2024-9537)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update to Kibana version 12.1.3, 12.2.3, 12.3 or later.

See Also

http://www.nessus.org/u?3264fc00

Plugin Details

Severity: Critical

ID: 290248

File Name: sciencelogic_sl1_CVE-2024-9537.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 1/16/2026

Updated: 2/6/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-9537

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:sciencelogic:sl1

Required KB Items: installed_sw/ScienceLogic Skylar One

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/18/2024

Vulnerability Publication Date: 10/18/2024

CISA Known Exploited Vulnerability Due Dates: 11/11/2024

Reference Information

CVE: CVE-2024-9537