SolarWinds Platform Reflected XSS Vulnerability

(CVE-2024-29000)

Security Advisory Summary

The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

Affected Products

SolarWinds Platform 2024.1 and previous versions

Fixed Software Release

SolarWinds Platform 2024.1 SR 1

Acknowledgments

Lidor Levi

Advisory Detail

Severity

7.9 High

Advisory ID

CVE-2024-29000

First Published

04/18/2024

Last Updated

05/20/2024

Fixed Version

SolarWinds Platform 2024.1 SR 1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H