Search criteria
81 vulnerabilities found for solarwinds_platform by solarwinds
FKIE_CVE-2024-52606
Vulnerability from fkie_nvd - Published: 2025-02-11 08:15 - Updated: 2025-02-25 17:35
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16115A67-2611-4E68-A5F7-5D54589FC5D2",
"versionEndExcluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request."
},
{
"lang": "es",
"value": "La plataforma SolarWinds se ve afectada por la vulnerabilidad server-side request forgery. No se aplic\u00f3 la depuraci\u00f3n de entrada adecuada, lo que permiti\u00f3 la posibilidad de una solicitud web maliciosa."
}
],
"id": "CVE-2024-52606",
"lastModified": "2025-02-25T17:35:43.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-11T08:15:31.133",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52606"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52612
Vulnerability from fkie_nvd - Published: 2025-02-11 08:15 - Updated: 2025-02-25 17:29
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16115A67-2611-4E68-A5F7-5D54589FC5D2",
"versionEndExcluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable."
},
{
"lang": "es",
"value": "SolarWinds Platform es vulnerable a una vulnerabilidad de cross-site scripting reflejado. Esto se debi\u00f3 a una depuraci\u00f3n insuficiente de los par\u00e1metros de entrada. Para poder explotar esta vulnerabilidad, es necesario que una cuenta con privilegios elevados est\u00e9 autenticada."
}
],
"id": "CVE-2024-52612",
"lastModified": "2025-02-25T17:29:43.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-11T08:15:31.433",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52612"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52611
Vulnerability from fkie_nvd - Published: 2025-02-11 08:15 - Updated: 2025-02-25 17:30
Severity ?
Summary
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16115A67-2611-4E68-A5F7-5D54589FC5D2",
"versionEndExcluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."
},
{
"lang": "es",
"value": "La plataforma SolarWinds es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de un mensaje de error. Si bien los datos no brindan informaci\u00f3n confidencial, podr\u00edan ayudar a un atacante a realizar otras acciones maliciosas."
}
],
"id": "CVE-2024-52611",
"lastModified": "2025-02-25T17:30:27.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T08:15:31.280",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-45717
Vulnerability from fkie_nvd - Published: 2024-12-04 07:15 - Updated: 2025-02-06 16:23
Severity ?
7.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395CD8C2-85F0-4C12-85F3-899E15DE89E2",
"versionEndExcluding": "2024.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction."
},
{
"lang": "es",
"value": " La plataforma SolarWinds era susceptible a una vulnerabilidad XSS que afecta la secci\u00f3n de b\u00fasqueda e informaci\u00f3n de nodos de la interfaz de usuario. Esta vulnerabilidad requiere autenticaci\u00f3n y requiere interacci\u00f3n del usuario."
}
],
"id": "CVE-2024-45717",
"lastModified": "2025-02-06T16:23:40.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 5.5,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-04T07:15:06.167",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-4-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45717"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-45715
Vulnerability from fkie_nvd - Published: 2024-10-16 08:15 - Updated: 2025-02-26 18:47
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD15A9FD-6D72-462F-A816-7F2F225C0B39",
"versionEndExcluding": "2024.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements."
},
{
"lang": "es",
"value": "La plataforma SolarWinds era susceptible a una vulnerabilidad de cross-site scripting al realizar una funci\u00f3n de edici\u00f3n en elementos existentes."
}
],
"id": "CVE-2024-45715",
"lastModified": "2025-02-26T18:47:19.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.3,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T08:15:07.110",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-45710
Vulnerability from fkie_nvd - Published: 2024-10-16 08:15 - Updated: 2024-10-17 20:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD15A9FD-6D72-462F-A816-7F2F225C0B39",
"versionEndExcluding": "2024.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine."
},
{
"lang": "es",
"value": "La plataforma SolarWinds es susceptible a una vulnerabilidad de escalada de privilegios locales en elementos de ruta de b\u00fasqueda no controlados. Esto requiere una cuenta con privilegios bajos y acceso local a la m\u00e1quina del nodo afectado."
}
],
"id": "CVE-2024-45710",
"lastModified": "2024-10-17T20:18:04.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T08:15:06.387",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28999
Vulnerability from fkie_nvd - Published: 2024-06-04 15:15 - Updated: 2025-02-26 18:46
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C90C89E-063A-4538-B56D-CDDA6146CEA1",
"versionEndExcluding": "2024.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n que afectaba a la consola web."
}
],
"id": "CVE-2024-28999",
"lastModified": "2025-02-26T18:46:32.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T15:15:45.247",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-29004
Vulnerability from fkie_nvd - Published: 2024-06-04 15:15 - Updated: 2025-02-26 18:47
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C90C89E-063A-4538-B56D-CDDA6146CEA1",
"versionEndExcluding": "2024.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross-site scripting almacenado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad."
}
],
"id": "CVE-2024-29004",
"lastModified": "2025-02-26T18:47:06.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.3,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T15:15:45.527",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28996
Vulnerability from fkie_nvd - Published: 2024-06-04 15:15 - Updated: 2025-02-26 18:46
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C90C89E-063A-4538-B56D-CDDA6146CEA1",
"versionEndExcluding": "2024.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. \u00a0\n"
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de inyecci\u00f3n SWQL. La complejidad del ataque es alta para esta vulnerabilidad."
}
],
"id": "CVE-2024-28996",
"lastModified": "2025-02-26T18:46:16.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T15:15:44.993",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-29000
Vulnerability from fkie_nvd - Published: 2024-05-20 19:15 - Updated: 2025-02-26 18:46
Severity ?
7.9 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | solarwinds_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD54592D-638F-4F95-A038-BE9F24E02E64",
"versionEndExcluding": "2024.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross site scripting reflejado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad."
}
],
"id": "CVE-2024-29000",
"lastModified": "2025-02-26T18:46:41.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 6.0,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-20T19:15:08.430",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
CVE-2024-52611 (GCVE-0-2024-52611)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:25 – Updated: 2025-02-11 15:14
VLAI?
Summary
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.
Severity ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.4.1 and previous versions
|
Credits
Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:14:29.023205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:14:42.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."
}
],
"value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:25:02.977Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52611",
"datePublished": "2025-02-11T07:25:02.977Z",
"dateReserved": "2024-11-14T20:40:33.287Z",
"dateUpdated": "2025-02-11T15:14:42.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52612 (GCVE-0-2024-52612)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:21 – Updated: 2025-02-19 04:55
VLAI?
Summary
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.4.1 and previous versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T04:55:13.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable."
}
],
"value": "SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:03:07.928Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52612"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cp\u003e \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Reflected Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52612",
"datePublished": "2025-02-11T07:21:17.835Z",
"dateReserved": "2024-11-14T20:40:33.287Z",
"dateUpdated": "2025-02-19T04:55:13.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52606 (GCVE-0-2024-52606)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:17 – Updated: 2025-02-11 15:25
VLAI?
Summary
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds |
Affected:
2024.4.1 and previous versions
|
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:25:02.914476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:25:40.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "SolarWinds Platform",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request."
}
],
"value": "SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:17:05.645Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52606"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cp\u003e \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Server-Side Request Forgery Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52606",
"datePublished": "2025-02-11T07:17:05.645Z",
"dateReserved": "2024-11-14T20:40:33.286Z",
"dateUpdated": "2025-02-11T15:25:40.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45717 (GCVE-0-2024-45717)
Vulnerability from cvelistv5 – Published: 2024-12-04 07:05 – Updated: 2024-12-06 04:55
VLAI?
Summary
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.4 and prior versions
|
Credits
Frank Lycops, NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T04:55:20.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.4 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"datePublic": "2024-12-04T08:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.\u003cbr\u003e"
}
],
"value": "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T07:05:57.712Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45717"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-4-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4.1 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4.1 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Cross- Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45717",
"datePublished": "2024-12-04T07:05:57.712Z",
"dateReserved": "2024-09-05T08:28:03.888Z",
"dateUpdated": "2024-12-06T04:55:20.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45715 (GCVE-0-2024-45715)
Vulnerability from cvelistv5 – Published: 2024-10-16 07:17 – Updated: 2024-10-16 13:27
VLAI?
Summary
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.2.1 and previous versions
|
Credits
Maksym Vatsyk from Visa Cybersecurity Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:27:01.938888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:27:15.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.2.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maksym Vatsyk from Visa Cybersecurity Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements."
}
],
"value": "The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:17:59.891Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available.\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45715",
"datePublished": "2024-10-16T07:17:59.891Z",
"dateReserved": "2024-09-05T08:28:03.888Z",
"dateUpdated": "2024-10-16T13:27:15.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45710 (GCVE-0-2024-45710)
Vulnerability from cvelistv5 – Published: 2024-10-16 07:16 – Updated: 2025-03-01 04:55
VLAI?
Summary
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.2.1 and previous versions
|
Credits
Will Dormann working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T04:55:52.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.2.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Will Dormann working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine."
}
],
"value": "SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:16:37.504Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45710",
"datePublished": "2024-10-16T07:16:37.504Z",
"dateReserved": "2024-09-05T08:28:03.887Z",
"dateUpdated": "2025-03-01T04:55:52.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29004 (GCVE-0-2024-29004)
Vulnerability from cvelistv5 – Published: 2024-06-04 14:53 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:13:13.058918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:18:57.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds ",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:53:26.256Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Stored XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-29004",
"datePublished": "2024-06-04T14:53:26.256Z",
"dateReserved": "2024-03-13T20:27:16.320Z",
"dateUpdated": "2024-08-02T01:03:51.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28999 (GCVE-0-2024-28999)
Vulnerability from cvelistv5 – Published: 2024-06-04 14:51 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
Severity ?
6.4 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Elhussain Fathy (0xSphinx)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:2024.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:04:43.484740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:36:31.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds ",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Elhussain Fathy (0xSphinx)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:51:56.682Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Race Condition Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28999",
"datePublished": "2024-06-04T14:51:56.682Z",
"dateReserved": "2024-03-13T20:27:16.319Z",
"dateUpdated": "2024-08-02T01:03:51.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28996 (GCVE-0-2024-28996)
Vulnerability from cvelistv5 – Published: 2024-06-04 14:49 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Nils Putnins from NATO
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:23:14.577387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T05:15:36.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nils Putnins from NATO "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. \u0026nbsp;\u003cbr\u003e"
}
],
"value": "The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. \u00a0\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:49:53.075Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform SWQL Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28996",
"datePublished": "2024-06-04T14:49:53.075Z",
"dateReserved": "2024-03-13T20:27:16.318Z",
"dateUpdated": "2024-08-02T01:03:51.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29000 (GCVE-0-2024-29000)
Vulnerability from cvelistv5 – Published: 2024-05-20 18:26 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
Severity ?
7.9 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1 and Previous Versions
|
Credits
Lidor Levy
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:04:25.655955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:36:39.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.1 and Previous Versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lidor Levy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T18:26:18.573Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "\nSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Reflected XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-29000",
"datePublished": "2024-05-20T18:26:18.573Z",
"dateReserved": "2024-03-13T20:27:16.319Z",
"dateUpdated": "2024-08-02T01:03:51.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52611 (GCVE-0-2024-52611)
Vulnerability from nvd – Published: 2025-02-11 07:25 – Updated: 2025-02-11 15:14
VLAI?
Summary
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.
Severity ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.4.1 and previous versions
|
Credits
Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:14:29.023205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:14:42.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."
}
],
"value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:25:02.977Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52611",
"datePublished": "2025-02-11T07:25:02.977Z",
"dateReserved": "2024-11-14T20:40:33.287Z",
"dateUpdated": "2025-02-11T15:14:42.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52612 (GCVE-0-2024-52612)
Vulnerability from nvd – Published: 2025-02-11 07:21 – Updated: 2025-02-19 04:55
VLAI?
Summary
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.4.1 and previous versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T04:55:13.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable."
}
],
"value": "SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:03:07.928Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52612"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cp\u003e \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Reflected Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52612",
"datePublished": "2025-02-11T07:21:17.835Z",
"dateReserved": "2024-11-14T20:40:33.287Z",
"dateUpdated": "2025-02-19T04:55:13.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52606 (GCVE-0-2024-52606)
Vulnerability from nvd – Published: 2025-02-11 07:17 – Updated: 2025-02-11 15:25
VLAI?
Summary
SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds |
Affected:
2024.4.1 and previous versions
|
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:25:02.914476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:25:40.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "SolarWinds Platform",
"platforms": [
"Windows",
"64 bit"
],
"product": "SolarWinds",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.4.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request."
}
],
"value": "SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:17:05.645Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52606"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. \u003cp\u003e \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Server-Side Request Forgery Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-52606",
"datePublished": "2025-02-11T07:17:05.645Z",
"dateReserved": "2024-11-14T20:40:33.286Z",
"dateUpdated": "2025-02-11T15:25:40.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45717 (GCVE-0-2024-45717)
Vulnerability from nvd – Published: 2024-12-04 07:05 – Updated: 2024-12-06 04:55
VLAI?
Summary
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.4 and prior versions
|
Credits
Frank Lycops, NATO Cyber Security Centre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T04:55:20.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.4 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Frank Lycops, NATO Cyber Security Centre"
}
],
"datePublic": "2024-12-04T08:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.\u003cbr\u003e"
}
],
"value": "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T07:05:57.712Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45717"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-4-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4.1 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4.1 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Cross- Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45717",
"datePublished": "2024-12-04T07:05:57.712Z",
"dateReserved": "2024-09-05T08:28:03.888Z",
"dateUpdated": "2024-12-06T04:55:20.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45715 (GCVE-0-2024-45715)
Vulnerability from nvd – Published: 2024-10-16 07:17 – Updated: 2024-10-16 13:27
VLAI?
Summary
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.2.1 and previous versions
|
Credits
Maksym Vatsyk from Visa Cybersecurity Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:27:01.938888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:27:15.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.2.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maksym Vatsyk from Visa Cybersecurity Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements."
}
],
"value": "The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:17:59.891Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available.\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45715",
"datePublished": "2024-10-16T07:17:59.891Z",
"dateReserved": "2024-09-05T08:28:03.888Z",
"dateUpdated": "2024-10-16T13:27:15.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45710 (GCVE-0-2024-45710)
Vulnerability from nvd – Published: 2024-10-16 07:16 – Updated: 2025-03-01 04:55
VLAI?
Summary
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
SolarWinds Platform 2024.2.1 and previous versions
|
Credits
Will Dormann working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T04:55:52.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Platform 2024.2.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Will Dormann working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine."
}
],
"value": "SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:16:37.504Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45710",
"datePublished": "2024-10-16T07:16:37.504Z",
"dateReserved": "2024-09-05T08:28:03.887Z",
"dateUpdated": "2025-03-01T04:55:52.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29004 (GCVE-0-2024-29004)
Vulnerability from nvd – Published: 2024-06-04 14:53 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:13:13.058918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:18:57.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds ",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:53:26.256Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Stored XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-29004",
"datePublished": "2024-06-04T14:53:26.256Z",
"dateReserved": "2024-03-13T20:27:16.320Z",
"dateUpdated": "2024-08-02T01:03:51.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28999 (GCVE-0-2024-28999)
Vulnerability from nvd – Published: 2024-06-04 14:51 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
Severity ?
6.4 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Elhussain Fathy (0xSphinx)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:2024.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:04:43.484740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:36:31.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SolarWinds Platform",
"vendor": "SolarWinds ",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Elhussain Fathy (0xSphinx)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:51:56.682Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform Race Condition Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28999",
"datePublished": "2024-06-04T14:51:56.682Z",
"dateReserved": "2024-03-13T20:27:16.319Z",
"dateUpdated": "2024-08-02T01:03:51.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28996 (GCVE-0-2024-28996)
Vulnerability from nvd – Published: 2024-06-04 14:49 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1.1 and previous versions
|
Credits
Nils Putnins from NATO
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:23:14.577387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T05:15:36.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.1.1 and previous versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nils Putnins from NATO "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. \u0026nbsp;\u003cbr\u003e"
}
],
"value": "The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. \u00a0\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T14:49:53.075Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996"
},
{
"tags": [
"release-notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\u003cbr\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.2 as soon as it becomes available.\n \n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Platform SWQL Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28996",
"datePublished": "2024-06-04T14:49:53.075Z",
"dateReserved": "2024-03-13T20:27:16.318Z",
"dateUpdated": "2024-08-02T01:03:51.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29000 (GCVE-0-2024-29000)
Vulnerability from nvd – Published: 2024-05-20 18:26 – Updated: 2024-08-02 01:03
VLAI?
Summary
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
Severity ?
7.9 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | SolarWinds Platform |
Affected:
2024.1 and Previous Versions
|
Credits
Lidor Levy
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solarwinds_platform",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "2024.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:04:25.655955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:36:39.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SolarWinds Platform ",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2024.1 and Previous Versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lidor Levy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"value": "The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T18:26:18.573Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.\n\n\u003cbr\u003e"
}
],
"value": "\nSolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Platform Reflected XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-29000",
"datePublished": "2024-05-20T18:26:18.573Z",
"dateReserved": "2024-03-13T20:27:16.319Z",
"dateUpdated": "2024-08-02T01:03:51.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}