SolarWinds Platform Cross-Site Scripting Vulnerability

(CVE-2024-45717)

Summary

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.

Affected Products

SolarWinds Platform 2024.4 and prior versions

Fixed Software Release

SolarWinds Platform 2024.4.1

Acknowledgments

Frank Lycops, NATO Cyber Security Centre

Advisory Details

Severity

7.0 High

Advisory ID

CVE-2024-45717

First Published

12/04/2024

Fixed Version

SolarWinds Platform 2024.4.1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L