
Multiple SolarWinds Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-45709 CVSS:5.3

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software to be installed on Linux and configured to use the non-default development/test mode, making exposure to the vulnerability very limited.

CVE-2024-45717 CVSS:7

The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information sections of the user interface. This vulnerability requires authentication and user interaction.

CVE-2024-45713 CVSS:5.1

SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.

CVE-2024-45711 CVSS:8.8

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on the privileges given to the authenticated user. This issue requires a user to be authenticated and is present when software environment variables are abused.

Impact

  • Gain Access
  • Code Execution
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-45709
  • CVE-2024-45717
  • CVE-2024-45713
  • CVE-2024-45711

Affected Vendors

SolarWinds

Affected Products

  • SolarWinds Web Help Desk 12.8.3 HF3 and previous versions
  • SolarWinds Platform 2024.4
  • SolarWinds Kiwi CatTools 3.12 and previous versions
  • SolarWinds Serv-U

Remediation

Refer to SolarWinds Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-45709

CVE-2024-45717

CVE-2024-45713

CVE-2024-45711