SolarWinds Platform Stored XSS Vulnerability

(CVE-2024-29004)

Summary

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. High-privileged user credentials are needed, and user interaction is required to exploit this vulnerability.

Affected Products

SolarWinds Platform 2024.1 SR 1 and previous versions

Fixed Software Release

SolarWinds Platform 2024.2

Acknowledgments

Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber

Advisory Details

Severity

7.1 High

Advisory ID

CVE-2024-29004

First Published

06/04/2024

Last Updated

06/04/2024

Fixed Version

SolarWinds Platform 2024.2

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L