SolarWinds Platform 2024.4.1 release notes
Release date: December 4, 2024
SolarWinds Platform 2024.4.1 is a service release providing bug and security fixes for release 2024.4. For information about the 2024.4 release, including EOL notices and upgrade information, see SolarWinds Platform 2024.4 Release Notes.
Fixes
| Case number | Description |
|---|---|
| 01787803 |
In environments that make heavy use of the WMI polling method, WMI polling no longer fails with the message |
| 01775614, 01797044 |
If the National Institute of Standards and Technology (NIST) does not include data about a device type in the Common Platform Enumeration (CPE) Dictionary, the missing data no longer prevents SolarWinds Observability Self-Hosted from identifying firmware vulnerabilities that affect the device. |
| 01790612, 01795074 |
The Incident Number column on the All Active Alerts page displays the number of currently active incidents associated with an alert. It no longer includes incidents that occurred in the past and are no longer active. |
| 01778801 |
Information that should not be available to a user because of limitations is no longer exposed in certain situations, such as a failed service initialization on an unstable database connection. |
| 01791756, 01800049 |
Upgrading the SolarWinds Platform log database no longer fails with an error similar to the following if the database is contained:
|
| 01785463, 01785499, 01786391, 01787163, 01787867, 01790533, 01791274, 01799572 |
When you open the Deployment Health tab from an additional web server, health checks run correctly. |
| 01742235 |
Maps created without a container can be updated and saved. |
| 01761260 |
Using a date format other than MM/DD/YYYY no longer prevents the discovery of a Power Control Unit (PCU). |
| 01803929 |
When a subgroup is added to a map, the All Groups widget and Manage Groups page no longer display the subgroup as both a root level group and a subgroup. |
| 01788280 |
When you select the $Name variable under Map name format, you can save the map definition. |
| 01682272, 01749347 |
If a polling engine is upgraded to 2024.4 or later but agents remain on an older version, CPU data is not missing for agent-monitored Windows servers. |
CVEs
Last updated: December 02, 2024
SolarWinds would like to thank the security researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
SolarWinds CVEs
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2024-45717 | SolarWinds Platform Cross Site Scripting Vulnerability | The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | 7.0 High | Frank Lycops, NATO Cyber Security Centre |
Third Party CVEs
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 High |
| CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability | .NET and Visual Studio Information Disclosure Vulnerability | 6.5 Medium |
| CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | .NET and Visual Studio Denial of Service Vulnerability | 7.5 High |
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.