======================================================================

                                 CERT-Renater

                      Note d'Information No. 2024/VULN519
_____________________________________________________________________

DATE                : 04/12/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running SolarWinds Platform versions
                                 prior to 2024.4.1.

=====================================================================
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-45717
_____________________________________________________________________

SolarWinds Platform Cross-Site Scripting Vulnerability (CVE-2024-45717)

Summary

The SolarWinds Platform was susceptible to a XSS vulnerability that
affects the search and node information section of the user
interface. This vulnerability requires authentication and requires
user interaction.


Affected Products

     SolarWinds Platform 2024.4 and prior versions


Fixed Software Release

     SolarWinds Platform 2024.4.1


Acknowledgments

     Frank Lycops, NATO Cyber Security Centre


Advisory Details


Severity
7.0 High

Advisory ID
CVE-2024-45717

First Published
12/04/2024

Fixed Version
SolarWinds Platform 2024.4.1


CVSS Score
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================