CVE-2024-45717: 
SolarWinds Platform vulnerability analysis and mitigation

The SolarWinds Platform was identified with a Cross-Site Scripting (XSS) vulnerability (CVE-2024-45717) that affects the search and node information section of the user interface. The vulnerability was discovered by Frank Lycops from NATO Cyber Security Centre and was publicly disclosed on December 4, 2024. This security issue affects SolarWinds Platform version 2024.4 and prior versions (SolarWinds Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (High) by SolarWinds with the vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L. The National Vulnerability Database (NVD) assessed it with a CVSS score of 4.8 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The XSS vulnerability could potentially lead to unauthorized access to sensitive information and potential manipulation of the user interface. However, the impact is somewhat limited as the vulnerability requires both authentication and user interaction to be exploited (SolarWinds Advisory).

SolarWinds has released version 2024.4.1 of the SolarWinds Platform to address this vulnerability. Users are advised to upgrade to this latest version to mitigate the security risk (SolarWinds Release Notes).