SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester

June 7, 2024 at 07:00AM

SolarWinds released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a NATO pentester. Version 2024.2 includes fixes for three security defects and multiple bugs in third-party components. The vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are urged to update to version 2024.2 promptly.

Key takeaways:

– SolarWinds has announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. These patches include fixes for security defects impacting the platform and the web console, as well as other medium- and high-severity issues in third-party components like Angular and OpenSSL.
– The vulnerabilities impact previous versions of the SolarWinds Platform, and users are advised to update to version 2024.2 as soon as possible.
– There is a specific vulnerability, tracked as CVE-2024-28995, in Serv-U that has been patched with Serv-U 15.4.2 hotfix 2. This high-severity directory traversal vulnerability could allow attackers to read sensitive files on the host machine.
– SolarWinds says there is no evidence of these vulnerabilities being exploited in the wild, but users and administrators are advised to apply the available patches promptly.
