Lucene search

K
vulnrichmentSolarWindsVULNRICHMENT:CVE-2024-29003
HistoryApr 18, 2024 - 9:07 a.m.

CVE-2024-29003 SolarWinds Platform Cross Site Scripting Vulnerability

2024-04-1809:07:17
CWE-79
SolarWinds
github.com
2
solarwinds
platform
cross site scripting
vulnerability
maps
user interface
authentication
user interaction

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

AI Score

6.3

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "solarwinds_platform",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "2024.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

AI Score

6.3

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-29003