CVE-2024-28076

HIGH7.0

Description

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

SolarWinds / SolarWinds Platform2024.1 and previous versions – 2024.1 and previous versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076
MISChttps://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm