SolarWinds released updates to fix several security issues in Serv-U and the SolarWinds Platform. These vulnerabilities impact Platform 2024.1 SR 1 and older versions. The company fixed a security issue, known as CVE-2024-28996, reported by a penetration tester from NATO.
NATO Communications and Information Agency pentester Nils Putnins discovered the SQL flaw, tracked as CVE-2024-28996, which has a CVSS score of 7.5. It allows users to query the SolarWinds database for network information. The attack complexity is high.
The company also addressed multiple vulnerabilities in third-party companies. The flaws, tracked as CVE-2024-28999 (CVSS score 6.4) and CVE-2024-29004 (CVSS score 7.1), are a race condition issue and a stored XSS bug in the web console, respectively.
The company fixed multiple bugs in third-party components, such as Angular, the public API function BIO_new_NDEF, the OpenSSL RSA key generation algorithm, and the x86_64 Montgomery squaring procedure in OpenSSL.
The company fixed the vulnerabilities in version 2024.2. SolarWinds released Serv-U 15.4.2 Hotfix 2, which works on Windows and Linux OS, both 32-bit and 64-bit. Admins are advised to update their Serv-U instances as soon as possible.
There are no reports of the bug being exploited, but attackers have exploited Serv-U vulnerabilities, including zero-days.