This week, SolarWinds announced patches for several high-severity vulnerabilities in Sev-U and the SolarWinds platform.

Among the new patches is one for a bug reported by a penetration tester for NATO. The latest SolarWinds platform, version 2024.2 includes three new security defect patches, as well as multiple bug fixes. The first issue was reported by NATO Communications and Information Agency pentester Nils Putnins. This issue is described as a SWQL injection flaw and is tracked as CVE-2024-28996. Additionally, SolarWinds announced two more patches for two separate security defects that impact the web console of the platform. One being a race condition vulnerability (CVE-2024-28999), and the other being a stored cross-site scripting (XSS) flaw (CVE-2024-29004). Users have been encouraged to upgrade to the 2024.2 version of the platform to mitigate any risk associated with these vulnerabilities.

Read more:

https://www.securityweek.com/solarwinds-patches-high-severity-vulnerability-reported-by-nato-pentester/