Can anyone confirm if SolarWinds Security Event Manager is impacted by the Spring Framework path traversal vulnerability (CVE-2024-38819)
Many thanks
Can anyone confirm if SolarWinds Security Event Manager is impacted by the Spring Framework path traversal vulnerability (CVE-2024-38819)
Many thanks
Here‘s the list of 3rd party software used by SEM https://documentation.solarwinds.com/en/success_center/sem/content/sem_third_party_software_list.htm
I have seen Spring on there and the version that is used seems to be in the list of affected versions. However,It has been the situation in the past, where Solarwinds used a version of Spring that was vulnerable, but did not use the affected function in spring. So you probably have to wait for an official statement from Solarwinds.
cheers
I am checking with the team and will update you soon.
Thanks all, I raised a support ticket with SolarWinds and they have confirmed the product is not impacted by this vulnerability
SEM is not affected by this vulnerability.
solarwindscore.my.site.com/.../Why-SolarWinds-SEM-is-not-affected-by-CVE-2024-38819
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.