PT-2024-7954 · Solarwinds · Solarwinds Platform

Lidor Levy · Published 2024-04-18 · Updated 2024-07-11 · CVE-2024-29000

CVSS v3.1: 7.9 (High)

Vector: AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds Platform versions prior to 2024.1

Description

The issue is related to a reflected cross-site scripting vulnerability in the web console of the SolarWinds Platform. This vulnerability requires a high-privileged user and user interaction to be exploited. It may allow a remote attacker to conduct cross-site scripting attacks due to inadequate protection of the web page structure.

Recommendations

For versions prior to 2024.1, upgrade the affected components immediately to mitigate the risks. As a temporary workaround, consider restricting access to the web console to minimize the risk of exploitation. Avoid using the web console until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-09467
CVE-2024-29000

Affected Products

Solarwinds Platform