

Severity
Medium
Analysis Summary
CVE-2024-45709 CVSS:5.3
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. The vulnerability requires the software to be installed on Linux and configured to use the non-default development/test mode, making exposure to the vulnerability very limited.
CVE-2024-45717 CVSS:7
The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and user interaction.
CVE-2024-45713 CVSS:5.1
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
CVE-2024-45711 CVSS:8.8
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on the privileges given to the authenticated user. The issue requires the user to be authenticated and is present when software environment variables are abused.
Impact
- Gain Access
- Code Execution
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-45709
- CVE-2024-45717
- CVE-2024-45713
- CVE-2024-45711
Affected Vendors
- SolarWinds
Affected Products
- SolarWinds Web Help Desk 12.8.3 HF3 and previous versions
- SolarWinds Platform 2024.4
- SolarWinds Kiwi CatTools 3.12 and previous versions
- SolarWinds Serv-U
Remediation
Refer to SolarWinds Security Advisory for patch, upgrade, or suggested workaround information.