CVE-2024-29004
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in SolarWinds Platform allows a high-privileged user to inject malicious scripts into the web console. When other users interact with the compromised interface, the scripts execute in their browser context. The vulnerability requires both high privileges and user interaction to exploit.
💻 Affected Systems
- SolarWinds Platform
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
A compromised high-privileged account could inject scripts that steal session cookies, perform actions as other users, or deploy malware to client systems.
Likely Case
Privilege escalation or data theft from users who interact with malicious content injected by a rogue administrator.
If Mitigated
Limited impact due to requirement for high privileges and user interaction; proper access controls and monitoring reduce risk.
🎯 Exploit Status
Exploitation requires high-privileged credentials and user interaction, making automated attacks difficult.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.2 or later
Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004
Restart Required: Yes
Instructions:
1. Download SolarWinds Platform 2024.2 or later from the SolarWinds customer portal.
2. Run the installer with administrative privileges.
3. Follow the upgrade wizard.
4. Restart the SolarWinds services after installation completes.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement additional input validation and output encoding for web console fields.
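As an added illustration of the workaround above (a generic example, not SolarWinds code), the following contrasts rendering an administrator-editable field by plain string concatenation with rendering it through an HTML encoder, and adds an allow-list check for a field that should only ever hold a hostname. The field names, the hostname rule and the sample value are assumptions constructed for the example.

```javascript
// Added example (not SolarWinds code). Assumed: a field value arrives as a
// string from an administrator-editable setting and is rendered into an HTML
// page that other console users will view.

// Encode the five characters HTML treats specially so the value is displayed
// as text instead of being parsed as markup. '&' must be replaced first so the
// entities produced by the later replacements are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe pattern: markup is built by concatenation, so any markup stored in
// `value` is parsed by the browser of whoever views the page (stored XSS).
function renderUnsafe(label, value) {
  return `<td>${label}</td><td>${value}</td>`;
}

// Hardened pattern: every interpolated field is encoded for the HTML text
// context before it is placed in the page.
function renderSafe(label, value) {
  return `<td>${escapeHtml(label)}</td><td>${escapeHtml(value)}</td>`;
}

// Allow-list input validation for a field that should only hold a hostname
// (assumed rule: letters, digits, dots and hyphens, at most 253 characters).
// This is a second layer; it does not replace output encoding, because other
// fields legitimately contain free text.
const HOSTNAME_RE = /^[A-Za-z0-9.-]{1,253}$/;
function isValidHostname(value) {
  return HOSTNAME_RE.test(String(value));
}

// Constructed sample value showing the difference between the two renderers.
const SAMPLE_VALUE = '<script>alert(1)</script>';
console.log('unsafe:', renderUnsafe('Description', SAMPLE_VALUE));
console.log('safe:  ', renderSafe('Description', SAMPLE_VALUE));
```

In a browser, the equivalent of `renderSafe` is assigning user-controlled text with `element.textContent` rather than `element.innerHTML`; the encoder above is for code paths that build HTML strings server-side or in templates.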
🧯 If You Can't Patch
- Restrict high-privileged accounts to trusted personnel only and implement strict access controls.
- Monitor user activity logs for suspicious behavior from high-privileged accounts.
🔍 How to Verify
Check if Vulnerable:
Check SolarWinds Platform version in web console under Help > About.
Check Version:
Not applicable - check via web interface.
Verify Fix Applied:
Verify version is 2024.2 or later and test XSS payloads in web console fields.
📡 Detection & Monitoring
Log Indicators:
- Unusual activity from high-privileged accounts
- JavaScript payloads in web console logs
Network Indicators:
- Unexpected outbound connections from SolarWinds server after user interactions
SIEM Query:
source="solarwinds" AND (event_type="admin_action" OR message="script")
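To make the log indicators above concrete, here is an added example (not SolarWinds' code and not any SIEM vendor's query language) that scans constructed key=value audit log lines and reports admin actions whose submitted field values contain script-like content. The log format, the field names (`event_type`, `user`, `field`, `value`) and the sample lines are assumptions; a real deployment would map them onto the actual SolarWinds audit log schema.

```javascript
// Added example (not SolarWinds or SIEM vendor code). Assumed log format:
// space-separated key=value pairs, values optionally double-quoted.

// Indicators of active content in a value that should be plain text.
// These are indicators for triage, not proof of exploitation.
const SCRIPT_PATTERNS = [
  /<\s*script\b/i,                     // opening <script> tag
  /\bon[a-z]+\s*=/i,                   // inline event handler attribute (onerror=, onload=, ...)
  /javascript\s*:/i,                   // javascript: URL scheme
  /<\s*(iframe|object|embed|svg)\b/i,  // tags commonly used to embed active content
];

// Parse one log line into a {key: value} object.
function parseLine(line) {
  const fields = {};
  const re = /(\w+)=("([^"]*)"|(\S+))/g;
  let m;
  while ((m = re.exec(line)) !== null) {
    fields[m[1]] = m[3] !== undefined ? m[3] : m[4];
  }
  return fields;
}

// Return the source of every indicator pattern that matches the value.
function scriptIndicators(value) {
  return SCRIPT_PATTERNS.filter((p) => p.test(value)).map((p) => p.source);
}

// Walk the log and collect admin actions whose submitted value looks like script.
function findSuspiciousAdminActions(lines) {
  const hits = [];
  for (const line of lines) {
    const f = parseLine(line);
    if (f.event_type !== 'admin_action') continue;
    const patterns = scriptIndicators(f.value || '');
    if (patterns.length > 0) {
      hits.push({ ts: f.ts, user: f.user, field: f.field, patterns });
    }
  }
  return hits;
}

// Constructed sample log: two benign entries and two that should be flagged.
const CONSTRUCTED_LOG = [
  'ts=2024-06-01T10:00:00Z source=solarwinds event_type=admin_action user=admin1 field=node_description value="Core switch, rack 4"',
  'ts=2024-06-01T10:02:13Z source=solarwinds event_type=admin_action user=admin2 field=node_description value="<script>alert(1)</script>"',
  'ts=2024-06-01T10:03:40Z source=solarwinds event_type=login user=viewer1 result=success',
  'ts=2024-06-01T10:05:02Z source=solarwinds event_type=admin_action user=admin2 field=custom_property value="<img src=x onerror=alert(1)>"',
];

for (const hit of findSuspiciousAdminActions(CONSTRUCTED_LOG)) {
  console.log(`${hit.ts} user=${hit.user} field=${hit.field} matched=${hit.patterns.join(' | ')}`);
}
```

The `on[a-z]+=` indicator can fire on ordinary prose followed by an equals sign, so hits should be reviewed by a person and correlated with the account's other activity rather than acted on automatically; the point of the scan is to surface which high-privileged account wrote the content and into which field.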
🔗 References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004