CVE-2024-45712: SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

2.6 CVSS

Description

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be exploited by an authenticated account, on the local machine, from the local browser session. Therefore, the risk is very low.

Classification

CVE ID: CVE-2024-45712

CVSS Base Severity: LOW

CVSS Base Score: 2.6

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Products

Vendor: SolarWinds

Product: Serv-U

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-16 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-45712
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45712
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-1_release_notes.htm

Timeline