PT-2024-31734 · SolarWinds · SolarWinds Kiwi CatTools

Published: 2024-10-17 · Updated: 2024-10-18 · CVE-2024-45713

CVSS v3.1: 5.1 (Medium)

Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: SolarWinds Kiwi CatTools versions up to 3.12
Description: The issue is related to a sensitive data disclosure vulnerability. It occurs when a non-default setting has been enabled for troubleshooting purposes, potentially leading to sensitive data leaks through error messages in Settings.
Recommendations: For SolarWinds Kiwi CatTools versions up to 3.12, patch immediately to resolve the issue and monitor logs for exploitation attempts. As a temporary workaround, consider disabling the non-default setting enabled for troubleshooting purposes until a patch is applied. Restrict access to error messages in Settings to minimize the risk of sensitive data exposure.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2024-45713

Affected Products

SolarWinds Kiwi CatTools