SolarWinds this week announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a penetration tester working with NATO.
Rolling out as version 2024.2, the latest SolarWinds Platform iteration includes patches for three new security defects, as well as fixes for multiple bugs in third-party components.
The first issue, tracked as CVE-2024-28996, and reported by NATO Communications and Information Agency pentester Nils Putnins, is described as an SWQL injection flaw. A proprietary, read-only subset of SQL, SWQL allows users to query the SolarWinds database for network information.
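The report above names the class of bug (query injection) but not its mechanics. The following example is added here and is not SolarWinds code or code from the advisory; it uses Python's sqlite3 module as a stand-in SQL engine for the read-only SWQL store (an assumption, since SWQL itself cannot be run offline) and a constructed three-row `nodes` table, to show why splicing user input into query text is the defect and why parameter binding plus an identifier allowlist is the fix:

```python
import sqlite3
from typing import Dict, List, Tuple

# Constructed stand-in for a network-inventory table. SWQL is SolarWinds'
# own read-only query language; sqlite3 is used here only as a generic SQL
# engine so the injection pattern and its fix can be exercised offline.
def build_inventory() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nodes (node_id INTEGER, caption TEXT, ip TEXT)")
    conn.executemany(
        "INSERT INTO nodes VALUES (?, ?, ?)",
        [(1, "web01", "10.0.0.11"), (2, "db01", "10.0.0.21"), (3, "core-sw", "10.0.0.1")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, caption: str) -> List[Tuple]:
    # VULNERABLE PATTERN: the caller's string becomes part of the query text,
    # so a crafted value changes the query's logic instead of being data.
    sql = f"SELECT node_id, caption, ip FROM nodes WHERE caption = '{caption}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, caption: str) -> List[Tuple]:
    # HARDENED: the value travels as a bound parameter; the query shape is fixed
    # before any user data is seen, so quotes in the input are just characters.
    sql = "SELECT node_id, caption, ip FROM nodes WHERE caption = ?"
    return conn.execute(sql, (caption,)).fetchall()


# Identifiers (column names in ORDER BY, table names) cannot be bound as
# parameters, so they must be validated against a fixed allowlist instead.
SORTABLE_COLUMNS = {"node_id", "caption", "ip"}


def lookup_sorted(conn: sqlite3.Connection, order_by: str) -> List[Tuple]:
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    return conn.execute(f"SELECT node_id, caption, ip FROM nodes ORDER BY {order_by}").fetchall()


def demo() -> Dict[str, int]:
    """Row counts for a benign and a hostile lookup under both patterns."""
    conn = build_inventory()
    hostile = "web01' OR '1'='1"   # constructed test input, not a real payload from the page
    return {
        "benign_unsafe": len(lookup_unsafe(conn, "web01")),   # 1 row, as intended
        "hostile_unsafe": len(lookup_unsafe(conn, hostile)),  # whole table leaks
        "hostile_safe": len(lookup_safe(conn, hostile)),      # 0 rows: no node has that caption
    }


if __name__ == "__main__":
    print(demo())
```

The same discipline applies when querying the SolarWinds Information Service from scripts: keep the query text constant and pass values as named parameters (the SDK's own `query()` call accepts keyword parameters referenced as `@name`; that detail is recalled from the SDK documentation, not from this article), and never build the `WHERE` clause by string concatenation.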
SolarWinds also announced patches for two security defects impacting the web console of its platform, namely CVE-2024-28999, a race condition vulnerability, and CVE-2024-29004, a stored cross-site scripting (XSS) flaw that requires high privileges and user interaction for successful exploitation.
According to the vendor, the vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are advised to update to version 2024.2 of the platform as soon as possible.
The SolarWinds Platform update also includes fixes for a medium-severity flaw in Angular and ten high- and medium-severity issues in OpenSSL, some of which were disclosed seven years ago. Most of these issues could be exploited to cause a denial-of-service (DoS) condition.
This week, SolarWinds also rolled out a hotfix for CVE-2024-28995, a high-severity directory traversal vulnerability in Serv-U that could allow attackers to read sensitive files on the host machine.
With a CVSS score of 8.6, the bug impacts Serv-U 15.4.2 hotfix 1 and previous versions, including Serv-U FTP Server, Serv-U Gateway, and Serv-U MFT Server. Serv-U 15.4.2 hotfix 2 resolves the flaw and is compatible with both Windows and Linux systems.
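Directory traversal bugs of the kind described for Serv-U come down to one missing check: the server resolves a client-supplied relative path without confirming the result still lies inside the directory it meant to serve. The example below is added here and is neither Serv-U code nor a reproduction of CVE-2024-28995; the root directory `/srv/servu/home/alice` and the request strings are constructed. It shows the check a file-serving component should perform, including the usual pitfalls (URL-encoded separators, backslashes, absolute paths, and the sibling-directory prefix mistake):

```python
import os
from typing import Dict, List, Optional
from urllib.parse import unquote


def safe_join(root: str, requested: str) -> Optional[str]:
    """Resolve a client-supplied relative path under `root`.

    Returns the absolute path if it stays inside `root`, otherwise None.
    """
    rel = unquote(requested)            # decode exactly once; never loop-decode
    if "\x00" in rel:                   # NUL truncates paths in some runtimes
        return None
    rel = rel.replace("\\", "/")        # treat backslash as a separator as well
    if rel.startswith("/"):             # clients may only name paths relative to root
        return None
    root_abs = os.path.abspath(root)
    candidate = os.path.abspath(os.path.join(root_abs, rel))   # collapses ".." segments
    # Compare whole path components: a plain startswith() on the string would
    # wrongly accept /srv/servu/home/alice2/x as being inside /srv/servu/home/alice.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


# Constructed request paths of the shapes a file server must decide on.
SAMPLE_REQUESTS: List[str] = [
    "docs/report.txt",                     # ordinary request
    "docs/../notes.txt",                   # ".." that stays inside root
    "../../etc/passwd",                    # classic escape
    "..%2F..%2F..%2Fwindows%2Fwin.ini",    # encoded separators
    "..\\..\\secret.txt",                  # backslash separators
    "/etc/shadow",                         # absolute path
    "../alice2/loot.txt",                  # sibling directory sharing a prefix
]


def audit_requests(root: str, requests: List[str]) -> Dict[str, Optional[str]]:
    """Map each request to its resolved path, or None when it must be refused."""
    return {r: safe_join(root, r) for r in requests}


if __name__ == "__main__":
    for req, verdict in audit_requests("/srv/servu/home/alice", SAMPLE_REQUESTS).items():
        print(f"{req!r:40} -> {verdict or 'REJECTED'}")
```

Two practical notes: the check is done on a normalised path, so on a live system a symlink inside the root could still point outside it, and a server should additionally apply `os.path.realpath` to the final target (or open with `O_NOFOLLOW` semantics) before reading. Rejections from a check like this are also worth logging with the raw request string, since a burst of `..`-bearing paths against a file-transfer service is a cheap and reliable detection signal.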
SolarWinds makes no mention of any of these vulnerabilities being exploited in the wild. Users and administrators are advised to apply the available patches as soon as possible.