SolarWinds Platform XSS Vulnerabilities Identified

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 25th, 2026
Detected March 26th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the SolarWinds Platform that could allow for Cross-Site Scripting (XSS) attacks. The advisory provides details on affected versions and mitigation strategies. The identified vulnerabilities have a CVSS Base Score of 6.5, rated as medium.

What changed

This advisory from CERT-Bund details multiple vulnerabilities within the SolarWinds Platform (formerly Orion) that attackers can exploit to conduct Cross-Site Scripting (XSS) attacks. The vulnerabilities affect SolarWinds Platform versions prior to 2026.1.1 and have been assigned a CVSS Base Score of 6.5 (medium). The advisory indicates that remote attacks are possible and provides mitigation information.

Organizations utilizing the SolarWinds Platform, particularly those running versions prior to 2026.1.1, should review the advisory and implement available mitigation strategies to protect their systems. This includes assessing the potential impact of these XSS vulnerabilities on their IT infrastructure and user data. While no specific compliance deadline is mentioned, prompt action is recommended to address the security risks.

What to do next

  1. Review CERT-Bund advisory WID-SEC-2026-0869 for affected SolarWinds Platform versions.
  2. Implement available mitigation strategies to address identified XSS vulnerabilities.
  3. Assess potential impact on IT infrastructure and user data.

Source document (simplified)

[WID-SEC-2026-0869] SolarWinds Platform: Multiple vulnerabilities allow cross-site scripting

  • CVSS Base Score: 6.5 (medium)
  • CVSS Temporal Score: 5.7 (medium)
  • Remote attack: yes
  • Date: 25.03.2026
  • Last updated: 26.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • Windows

Product description

SolarWinds Platform (formerly "Orion") is an IT performance monitoring platform.

Products

25.03.2026
- SolarWinds Platform <2026.1.1

Attack

An attacker can exploit multiple vulnerabilities in SolarWinds Platform to carry out a cross-site scripting attack.

Named provisions

Affected systems; Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 25th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0869

Who this affects

Applies to
Technology companies
Industry sector
5182 Data Processing & Hosting; 5112 Software & Technology
Activity scope
Vulnerability Management; IT Performance Monitoring
Geographic scope
Germany (DE)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
IT Security; Vulnerability Management
