Serial number: AV24-596
Date: October 16, 2024
Between October 15 and 16, 2024, SolarWinds published security advisories to address vulnerabilities in multiple products. Included were updates for the following:
- Serv-U FTP – version 15.4.2 and prior
- SolarWinds Platform – version 2024.2.1 and prior
- SolarWinds Web Help Desk – versions 12.8.3 HF2 and prior
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711)
- SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2024-45710)
- SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability (CVE-2024-28988)
- SolarWinds Security Vulnerabilities