SolarWinds released updates to fix several security issues in Serv-U and the SolarWinds Platform. These vulnerabilities impact Platform 2024.1 SR 1 and older versions. The company fixed a security issue, known as CVE-2024-28996, reported by a penetration tester from NATO.
NATO Communications and Information Agency pentester Nils Putnins discovered a SQL flaw called CVE-2024-28996 with a CVSS score of 7.5. It allows users to query the SolarWinds database for network information. The attack complexity is high.
By infosecbulletin
/ Thursday , October 10 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its...
Read More
By infosecbulletin
/ Thursday , October 10 2024
Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition migration tool, with CVSS scores...
Read More
By infosecbulletin
/ Wednesday , October 9 2024
In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being...
Read More
By infosecbulletin
/ Tuesday , October 8 2024
The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family....
Read More
By infosecbulletin
/ Monday , October 7 2024
Qualcomm's October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions....
Read More
By infosecbulletin
/ Sunday , October 6 2024
BGD e-GOV CIRT is excited to announce the Financial Institutions and Critical Information Infrastructure (CII) Cyber Drill 2024, designed for...
Read More
By infosecbulletin
/ Saturday , October 5 2024
National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational...
Read More
By infosecbulletin
/ Saturday , October 5 2024
A new ransomware campaign is targeting individuals and organizations in the UK and US. The "Prince Ransomware" attack uses a...
Read More
By infosecbulletin
/ Friday , October 4 2024
CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM)....
Read More
By infosecbulletin
/ Friday , October 4 2024
ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago....
Read More
The company also addressed multiple vulnerabilities in third-party companies. The flaws, tracked as CVE-2024-28999 (CVSS score 6.4) and CVE-2024-29004 (CVSS score 7.1), are a race condition issue and a stored XSS bug in the web console, respectively.
The company fixed multiple bugs in third-party components, such as Angular, the public API function BIO_new_NDEF, the OpenSSL RSA Key generation algorithm, and the x86_64 Montgomery squaring procedure in OpenSSL.
The company fixed the vulnerabilities in version 2024.2. SolarWinds released Serv-U 15.4.2 Hotfix 2, which works on Windows and Linux OS, both 32-bit and 64-bit. Admins are advised to update their Serv-U instances as soon as possible.
There’s no report of the bug being used, but attackers have exploited Serv-U vulnerabilities, including zero-days.