CVE-2024-45717 – This cross-site scripting (XSS) vulnerability i... (How to Fix)

Q: What is the severity of CVE-2024-45717?

CVE-2024-45717 has a CVSS score of 7.0 (HIGH). This cross-site scripting (XSS) vulnerability in SolarWinds Platform allows authenticated attackers to inject malicious scripts into the search and node information interface. When exploited, it can lead to session hijacking, data theft, or unauthorized actions within the authenticated user's context. Only authenticated SolarWinds Platform users are affected.

📋 TL;DR

This cross-site scripting (XSS) vulnerability in SolarWinds Platform allows authenticated attackers to inject malicious scripts into the search and node information interface. When exploited, it can lead to session hijacking, data theft, or unauthorized actions within the authenticated user's context. Only authenticated SolarWinds Platform users are affected.

💻 Affected Systems

Products:

SolarWinds Platform

Versions: Versions prior to 2024.4.1

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authentication and user interaction to trigger the XSS payload.

📦 What is this software?

Solarwinds Platform by Solarwinds

View all CVEs affecting Solarwinds Platform →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could steal administrator credentials, pivot to other systems, deploy ransomware, or exfiltrate sensitive network monitoring data.

🟠

Likely Case

Attackers would use this to hijack authenticated sessions, steal cookies, or perform actions as the victim user within SolarWinds.

🟢

If Mitigated

With proper input validation and output encoding, the attack would fail to execute malicious scripts.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access and social engineering to trick users into interacting with malicious content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.4.1 or later

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45717

Restart Required: No

Instructions:

1. Download SolarWinds Platform 2024.4.1 or later from the SolarWinds customer portal. 2. Follow SolarWinds upgrade documentation for your deployment. 3. Verify the update completes successfully.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement additional input validation and output encoding for search and node information fields.

🧯 If You Can't Patch

Restrict access to SolarWinds Platform to only necessary users with least privilege principles.
Implement web application firewall (WAF) rules to block XSS patterns in search and node parameters.

🔍 How to Verify

Check if Vulnerable:

Check SolarWinds Platform version in the web interface under Help > About.

Check Version:

Not applicable - check via web interface or SolarWinds Orion Installer.

Verify Fix Applied:

Confirm version is 2024.4.1 or later and test search functionality with basic XSS payloads like <script>alert('test')</script>.

📡 Detection & Monitoring

Log Indicators:

Unusual search queries containing script tags or JavaScript in SolarWinds logs
Multiple failed login attempts followed by successful authentication and suspicious searches

Network Indicators:

HTTP requests to SolarWinds with encoded script payloads in query parameters

SIEM Query:

source="solarwinds" AND (query="*<script>*" OR query="*javascript:*" OR query="*onerror=*" OR query="*onload=*")

📊 Metadata

CVE ID: CVE-2024-45717

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE: CWE-79

Published: December 4, 2024

Last Updated: February 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45717, you might also want to check these: