![SolarWinds Update Patch](https://techhyme.com/wp-content/uploads/2024/06/SolarWinds-Update-Patch-1024x559.jpg)
SolarWinds, a leading provider of IT management software, has announced patches for multiple high-severity vulnerabilities in its Serv-U product and the SolarWinds Platform. Among those who reported the vulnerabilities was a penetration tester working with NATO.
The latest iteration of the SolarWinds Platform, version 2024.2, includes patches for three new security defects, as well as fixes for multiple bugs in third-party components. The first issue, tracked as CVE-2024-28996, was reported by Nils Putnins, a pentester from the NATO Communications and Information Agency. This flaw is described as an SWQL injection vulnerability. SWQL, a proprietary, read-only subset of SQL, allows users to query the SolarWinds database for specific network information.
In addition to this, SolarWinds also announced patches for two security defects impacting the web console of its platform. These include CVE-2024-28999, a race condition vulnerability, and CVE-2024-29004, a stored cross-site scripting (XSS) flaw. The latter requires high privileges and user interaction for successful exploitation.
These vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are advised to update to version 2024.2 of the platform as soon as possible to mitigate these risks.
The SolarWinds Platform update also includes fixes for a medium-severity flaw in Angular and ten high- and medium-severity issues in OpenSSL. Some of these issues, which could be exploited to cause a denial-of-service (DoS) condition, were disclosed as far back as seven years ago.
This week, SolarWinds also rolled out a hotfix for CVE-2024-28995, a high-severity directory traversal vulnerability in Serv-U. This vulnerability could allow attackers to read sensitive files on the host machine. With a CVSS score of 8.6, the bug impacts Serv-U 15.4.2 hotfix 1 and previous versions, including Serv-U FTP Server, Serv-U Gateway, and Serv-U MFT Server. Serv-U 15.4.2 hotfix 2, which resolves the flaw, is compatible with both Windows and Linux systems.
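The Serv-U flaw above belongs to the directory traversal class, where a client-supplied file name escapes the directory a file server is meant to expose. The following is an added illustration of the defensive check that class calls for, written for this article and not taken from Serv-U or any SolarWinds code; the root directory, the sample requests and the assumption that the server decodes one layer of percent-encoding are all constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote


def safe_join(root: str, requested: str) -> Optional[str]:
    """Return the normalised path for `requested` if it stays under `root`.

    Returns None when the request would resolve outside the served root.
    The check is purely lexical (assumption: the caller has already ruled
    out symlinks under the root, or follows up with a realpath check).
    """
    if "\x00" in requested:
        return None  # NUL bytes have no business in a file name

    root_norm = posixpath.normpath("/" + root.strip("/"))

    # Assumption: the transport layer (HTTP/FTP URL) percent-encodes once,
    # so decode exactly once before normalising. Backslashes are treated as
    # separators because the product runs on both Windows and Linux.
    decoded = unquote(requested).replace("\\", "/")

    # Join as a relative path so an absolute request cannot replace the root,
    # then collapse every "." and ".." segment.
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))

    if root_norm == "/":
        return candidate  # everything is under "/"
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None  # escaped the root: reject and log


def classify_requests(root: str, requests):
    """Constructed helper: map each request to its resolved path or 'REJECTED'."""
    return {r: (safe_join(root, r) or "REJECTED") for r in requests}


if __name__ == "__main__":
    # Constructed sample requests, including the traversal patterns a server log
    # commonly shows; none of these are taken from the advisory.
    samples = [
        "docs/readme.txt",
        "docs/../readme.txt",
        "../../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "..\\..\\windows\\win.ini",
        "/etc/passwd",
    ]
    for req, result in classify_requests("/srv/files", samples).items():
        print(f"{req!r:32} -> {result}")
```

Note that the check is applied after decoding and normalising, never before: comparing the raw request string against a blocklist of `..` is the mistake that lets encoded or mixed-separator variants through.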
As of now, SolarWinds has not reported any instances of these vulnerabilities being exploited in the wild. However, users and administrators are strongly advised to apply the available patches as soon as possible to ensure the security of their systems.
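Deciding which hosts still need the update means comparing installed versions against the fixed releases named above ("2024.2" for the Platform, "15.4.2 hotfix 2" for Serv-U). The script below is an added example for this article, not SolarWinds tooling: it parses the two version formats the article uses ("2024.1 SR 1" and "15.4.2 hotfix 1") and flags anything older than the fixed release. The inventory entries are constructed sample data.

```python
import re
from typing import Tuple

# Fixed releases as stated in the advisory text above.
PLATFORM_FIXED = "2024.2"
SERVU_FIXED = "15.4.2 hotfix 2"


def parse_platform_version(v: str) -> Tuple[int, int, int]:
    """'2024.1 SR 1' -> (2024, 1, 1); '2024.2' -> (2024, 2, 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\s*SR\s*(\d+))?\s*", v, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised SolarWinds Platform version: {v!r}")
    major, minor, sr = m.groups()
    return (int(major), int(minor), int(sr or 0))


def parse_servu_version(v: str) -> Tuple[int, int, int, int]:
    """'15.4.2 hotfix 1' -> (15, 4, 2, 1); '15.4.2' -> (15, 4, 2, 0)."""
    m = re.fullmatch(
        r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*hotfix\s*(\d+))?\s*", v, re.IGNORECASE
    )
    if not m:
        raise ValueError(f"unrecognised Serv-U version: {v!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch or 0), int(hotfix or 0))


def platform_is_vulnerable(v: str) -> bool:
    # Anything older than the fixed release is affected; the fixed release is not.
    return parse_platform_version(v) < parse_platform_version(PLATFORM_FIXED)


def servu_is_vulnerable(v: str) -> bool:
    return parse_servu_version(v) < parse_servu_version(SERVU_FIXED)


def hosts_needing_update(inventory):
    """inventory: list of (hostname, product, version); product is 'platform' or 'servu'.

    Returns the hostnames whose installed version predates the fixed release.
    Unknown products or unparsable versions are reported too, so they are not
    silently treated as patched.
    """
    checks = {"platform": platform_is_vulnerable, "servu": servu_is_vulnerable}
    flagged = []
    for host, product, version in inventory:
        check = checks.get(product)
        try:
            if check is None or check(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = [
        ("npm-01", "platform", "2024.1 SR 1"),
        ("npm-02", "platform", "2024.2"),
        ("mft-01", "servu", "15.4.2 hotfix 1"),
        ("mft-02", "servu", "15.4.2 hotfix 2"),
        ("mft-03", "servu", "15.3.1"),
    ]
    for host in hosts_needing_update(inventory):
        print(f"{host}: update required")
```

The comparison is deliberately tuple-based rather than string-based so that "15.4.2 hotfix 2" sorts after "15.4.2" and "2024.2" after "2024.1 SR 1"; a plain lexical comparison gets both of those wrong.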