{"id":3942,"date":"2024-06-07T13:04:34","date_gmt":"2024-06-07T18:04:34","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/solarwinds-flaw-flagged-by-nato-pen-tester"},"modified":"2024-06-07T13:04:34","modified_gmt":"2024-06-07T18:04:34","slug":"solarwinds-flaw-flagged-by-nato-pen-tester","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/07\/solarwinds-flaw-flagged-by-nato-pen-tester\/","title":{"rendered":"SolarWinds Flaw Flagged by NATO Pen Tester"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

SolarWinds has released its version 2024.2, including a variety of new features and upgrades, along with patches for three different security vulnerabilities.<\/span><\/p>\n

Notably, one high-severity SWQL injection bug, tracked under <\/span>CVE-2024-28996<\/a><\/span> (CVSS 7.5), was reported to SolarWinds security by Nils Putnins, a penetration tester affiliated with the North Atlantic Treaty Organization (NATO), <\/span>the company reported<\/a><\/span> along with the new release. The other flaws fixed in the latest SolarWinds update included a high-severity cross-site scripting flaw, tracked under <\/span>CVE-2024-29004<\/a><\/span> (CVSS 7.1), and a medium-severity race condition vulnerability affecting the Web console, tracked under <\/span>CVE-2024-28999<\/a><\/span> (CVSS 7.1), the company said.<\/span><\/p>\n

In addition to security updates, the latest SolarWinds version includes improvements in its map functionality, as well as better stability, performance, and user experience.<\/span><\/p>\n

SolarWinds didn’t report whether any of these flaws were exploited in the wild, but did note that, regarding the highest-severity CVE, the “attack complexity is high.”<\/span><\/p>\n

A <\/span>SolarWinds vulnerability<\/a><\/span> was infamously exploited in 2020 to compromise many high-profile organizations, including agencies of the US federal government.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

SolarWinds has released its version 2024.2, including a variety of<\/p>\n","protected":false},"author":12,"featured_media":3943,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3942","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=2560%2C1702&ssl=1",2560,1702,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=300%2C199&ssl=1",300,199,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=640%2C426&ssl=1",640,426,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=640%2C426&ssl=1",640,426,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=1536%2C1021&ssl=1",1536,1021,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=2048%2C1362&ssl=1",2048,1362,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=1024%2C681&ssl=1",1024,681,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/solarwinds-flaw-flagged-by-nato-pen-tester-scaled.jpg?fit=2560%2C1702&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3942"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3942\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3943"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}