Free Demo

Trending

Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
HomeBlog
SolarWinds Releases Patches for High-Severity Vulnerabilities
Cyble-Blogs-SolarWinds

SolarWinds Releases Patches for High-Severity Vulnerabilities

SolarWinds has released a security advisory detailing critical product vulnerabilities, urging immediate action to protect IT infrastructure.

Overview

SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their IT infrastructure.

The advisory details various vulnerabilities and their associated risk scores, categorized by severity levels. High vulnerabilities, classified with a CVSS base score of 7.0 to 10.0, include three identified issues, specifically CVE-2024-45714, CVE-2024-45711, CVE-2024-45710, and CVE-2024-45715. These vulnerabilities carry a high-risk score and are marked with a Green TLP rating.

In addition, there is one medium vulnerability, which falls within a CVSS score range of 4.0 to 6.9 and is also rated Green. Furthermore, no vulnerabilities have been classified as low, with a score range of 0.0 to 3.9, reflecting a low-risk status.

Several products and versions have been identified as vulnerable, with patches readily available. Specifically, CVE-2024-45714 affects Serv-U version 15.4.2.3 and earlier, while CVE-2024-45711 impacts Serv-U version 15.4.2 and earlier versions. Additionally, CVE-2024-45710 and CVE-2024-45715 affect SolarWinds Platform version 2024.2.1 and all previous versions.

Detailed Vulnerability Analysis

The Cross-Site Scripting vulnerability (CVE-2024-45714) is classified with a CVSS score of 4.8, indicating a medium severity level. This vulnerability affects Serv-U version 15.4.2.3 and earlier. It allows an authenticated attacker to exploit a flaw in the system, enabling them to modify a variable using a malicious payload.

Another vulnerability is Directory Traversal (CVE-2024-45711), which carries a CVSS score of 7.5, categorizing it as high severity. This issue affects Serv-U version 15.4.2 and earlier versions. The vulnerability may allow for remote code execution, contingent upon the privileges assigned to the authenticated user. To successfully exploit this vulnerability, the attacker must have already gained authentication.

report-ad-banner

The Uncontrolled Search Path Element vulnerability, identified as CVE-2024-45710, has a CVSS score of 7.8, also indicating high severity. This vulnerability affects the SolarWinds Platform version 2024.2.1 and earlier. It can be exploited to escalate privileges locally by a low-privilege user who has access to the affected machine.

Lastly, Cross-Site Scripting (CVE-2024-45715) has a CVSS score of 7.1, placing it in the high severity category. This vulnerability impacts SolarWinds Platform version 2024.2.1 and previous versions. Affected versions are susceptible to XSS when users perform edit functions on existing elements, potentially compromising system security.

Recommendations

To mitigate the risks associated with these vulnerabilities, organizations should implement the following strategies:

  1. Organizations must promptly apply the latest patches released by SolarWinds to all affected products.
  2. Develop a comprehensive patch management strategy that includes inventory management, assessment, testing, deployment, and verification of patches.
  3. Organizations should segment their networks to safeguard critical assets. This can be achieved through firewalls, VLANs, and access controls, effectively reducing the attack surface.
  4. An incident response plan should be created and regularly tested to ensure it remains effective against evolving threats. This plan should outline procedures for detection, response, and recovery from security incidents.
  5. Organizations are encouraged to implement comprehensive monitoring solutions to detect suspicious activities.
  6. Proactively identify and assess the criticality of any End-of-Life (EOL) products, ensuring timely upgrades or replacements to maintain security integrity.

Conclusion

The SolarWinds platform and its Serv-U product are integral to many organizations for IT management and network monitoring. Given the history of attacks exploiting vulnerabilities in SolarWinds products, organizations need to address any newly disclosed high-severity vulnerabilities promptly. Failure to patch these vulnerabilities could expose organizations to operational and security risks.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.
why cyble

Get Threat Assessment Report

Identify External Threats Targeting Your Business​
Get My Report
Free
Cyble Vision

Threat Landscape Reports 2025

Global cybersecurity report
Europe cyber landscape
APAC Cyber Threat Landscape
North America Cyber Threat Landscape Report
META Threat Landscape
Australia New Zealand threat report

Upcoming Webinars

global-webinar-banner
Stay-Ahead-of-Cyber-Threats
CISO's Guide to Threat Intelligence 2024

CISO’s Guide to Threat Intelligence 2024: Best Practices

Stay Ahead of Cyber Threats with Expert Insights and Strategies. Download Free E-Book Now

Cyble | Amazon Music
Azure-MP-logo
google-ad-cyble
Share the Post:

Related Posts

Scroll to Top

Discover more from Cyble

Subscribe now to keep reading and get access to the full archive.

Continue reading