SolarWinds Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in SolarWinds products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-28995
- SolarWinds Serv-U 15.4.2 HF 1 or below
Cve-2024-28996, cve-2024-28999, cve-2024-29004
- SolarWinds Platform 2024.1 SR 1 or below
Resolved Vulnerabilities
SolarWinds Query Language (SWQL) Injection Vulnerability in SolarWinds Platform (CVE-2024-28996) [3]
Race Condition Vulnerability in SolarWinds Platform (CVE-2024-28999) [4]
Stored XSS Vulnerability in SolarWinds Platform (CVE-2024-29004) [5]
Directory Traversal Vulnerability in SolarWinds Serv-U that allows access to read sensitive files on the host system (CVE-2024-28995)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the referenced sites to update to the latest vulnerability patched version.
CVE-2024-28995
- SolarWinds Serv-U 15.4.2 HF 2 Version
Cve-2024-28996, cve-2024-28999, cve-2024-29004
- SolarWinds Platform 2024.2 version
Referenced Sites
[1] SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995)
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995
[2] CVE-2024-28995 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-28995
[4] https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28996
[5] https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28999
[6] https://www.solarwinds.com/trust-center/security-advisories/cve-2024-29004
[7] https://www.solarwinds.com/documentation/kbloader.aspx?kb=MT88165