SolarWinds Platform Arbitrary Open Redirection Vulnerability 

(CVE-2024-28076)

Summary

The SolarWinds Platform was susceptible to an arbitrary open redirection vulnerability. If exploited, a potential attacker can redirect to a different domain when using URL parameter with relative entry in the correct format.

Affected Products

  • SolarWinds Platform 2024.1 and prior versions

Fixed Software Release

Acknowledgments

  • Nils Putnins working with NATO

Advisory Details

Severity

7.0 High

Advisory ID

First Published

04/18/2024

Last Updated

04/18/2024