SolarWinds Flaw Flagged by NATO Pen Tester

Summary: SolarWinds has released version 2024.2, which includes new features and upgrades, as well as patches for three security vulnerabilities.

Threat Actor: None identified.

Victim: SolarWinds.

Key Points:

  • SolarWinds released version 2024.2, which includes patches for a high-severity SWQL injection bug (CVE-2024-28996), a high-severity cross-site scripting flaw (CVE-2024-29004), and a medium-severity race condition vulnerability affecting the Web console (CVE-2024-28999).
  • The new version also includes improvements in map functionality, stability, performance, and user experience.
  • There is no evidence that the vulnerabilities were exploited in the wild.

SolarWinds has released version 2024.2, which includes a variety of new features and upgrades, along with patches for three different security vulnerabilities.

Notably, one high-severity SWQL injection bug, tracked under CVE-2024-28996 (CVSS 7.5), was reported to SolarWinds security by Nils Putnins, a penetration tester affiliated with the North Atlantic Treaty Organization (NATO), the company said alongside the new release. The other flaws fixed in the latest SolarWinds update are a high-severity cross-site scripting flaw, tracked under CVE-2024-29004 (CVSS 7.1), and a medium-severity race condition vulnerability affecting the Web console, tracked under CVE-2024-28999 (CVSS 7.1), the company said.

In addition to security updates, the latest SolarWinds version includes improvements in its map functionality, as well as better stability, performance, and user experience.

SolarWinds tells Dark Reading there is no evidence the flaws were exploited in the wild.

SolarWinds was infamously attacked in 2020 in a successful effort by a nation-state actor to compromise many high-profile organizations, including agencies of the US federal government.

Source: https://www.darkreading.com/vulnerabilities-threats/solarwinds-flaw-flagged-by-nato-pen-tester

