SolarWinds Platform SWQL Injection Vulnerability

(CVE-2024-29001)

Summary

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.

Affected Products

Solarwinds Platform 2024.1 and prior versions

Fixed Software Release

SolarWinds Platform 2024.1 SR 1

Acknowledgments

Jean-Michel Huguet & Arnoldas Radisauskas working with NATO

Advisory Details

Severity

7.5 High

Advisory ID

CVE-2024-29001

First Published

04/18/2024

Last Published

04/18/2024

Fixed Version

SolarWinds Platform 2024.1 SR 1

CVSS Score

CVSS:7.5/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L