SolarWinds has released a security update to address two vulnerabilities affecting SolarWinds platform 2024.4.1 and prior versions.
The addressed vulnerabilities could allow the attacker to manipulate data and view, add, modify, or delete information in the back-end database, or perform cross-site scripting (XSS) attacks using a specially crafted URL to execute script in the victim’s Web browser within the security context of the hosting website.
The addressed vulnerabilities:
1. SolarWinds Platform SWQL Injection Vulnerability (CVE-2024-29001):
2. SolarWinds Platform Cross-site Scripting Vulnerability (CVE-2024-29003):
The enterprise should deploy this patch as soon as the testing phase is completed.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |