CVE-2024-45715: 
SolarWinds Platform vulnerability analysis and mitigation

The SolarWinds Platform was identified with a Cross-Site Scripting (XSS) vulnerability (CVE-2024-45715) that affects version 2024.2.1 and earlier versions. The vulnerability was discovered when performing an edit function to existing elements in the platform. This security issue was disclosed on October 16, 2024, and requires a high privileged account for exploitation (SolarWinds Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The technical assessment indicates that the vulnerability requires adjacent network access, low attack complexity, high privileges, and user interaction for successful exploitation (NVD).

The Cross-Site Scripting vulnerability could potentially allow attackers to inject malicious scripts when editing elements in the platform, leading to high confidentiality impact and low integrity and availability impacts. The vulnerability requires high privileges for exploitation, which somewhat limits its potential impact (Cyble).

SolarWinds has released version 2024.4 as a patch to address this vulnerability. Organizations are strongly advised to upgrade to this version to mitigate the risk. The fix is available through the standard update channels (SolarWinds Advisory).

The vulnerability was responsibly disclosed by Maksym Vatsyk from the Visa Cybersecurity Team, demonstrating effective collaboration between security researchers and vendors (SolarWinds Advisory).