Security Vulnerability Incident

  • October 1, 2024

ScienceLogic was founded with a mission to develop intelligent, scalable technology solutions that provide IT professionals with a unified view across diverse systems, enabling rapid insights and proactive issue prevention.
 
ScienceLogic has identified a zero-day remote code execution vulnerability within a third-party utility that is delivered with the SL1 package. We assess this as a CRITICAL severity vulnerability and have confirmed that the vulnerability has been exploited in one instance.
 
Therefore, we recommend that you immediately follow the remediation steps described below. We are committed to assisting our customers and partners with any processes or concerns.
 
What Happened:
ScienceLogic recently released a patch for a vulnerability that affected all versions of ScienceLogic SL1, including extended architecture.
 
A zero-day remote code execution vulnerability was identified in a third-party utility module that is used by SL1. The relevant functionality exhibiting this issue is present on DE, CDB, AP, and AiO appliances (including all HA/DR appliances), but not collectors.
 
Restorepoint, PowerFlow, and Skylar AI (including Skylar Automated Root Cause Analysis formerly known as Zebrium) are not impacted by this vulnerability.
 
What We Did:
ScienceLogic has patched all ScienceLogic hosted SaaS SL1 systems. At this time, there is no further action needed from SaaS customers.
 
All on-premises customers are strongly encouraged to apply the patch update for their SL1 version immediately via the Knowledge Base article.
 
For more details, please refer to this Knowledge Base article available for Support Portal registered customers. If you have any questions or concerns, please don't hesitate to contact your Customer Engagement Manager.

1 reply

  • Author
  • Community Manager
  • October 23, 2024

As part of standard procedures, the Cybersecurity and Infrastructure Security Agency (CISA) has published CVE-2024-9537, which states, “ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.”

For more details, please refer to this Knowledge Base article available for Support Portal registered customers. If you have any questions or concerns, please don't hesitate to contact your Customer Engagement Manager.