SolarWinds Platform Arbitrary Open Redirection Vulnerability

(CVE-2024-28076)

Summary

The SolarWinds Platform was susceptible to an arbitrary open redirection vulnerability. If exploited, a potential attacker can redirect to a different domain when using URL parameter with relative entry in the correct format.

Affected Products

SolarWinds Platform 2024.1 and prior versions

Fixed Software Release

SolarWinds Platform 2024.1 SR 1

Acknowledgments

Nils Putnins working with NATO

Advisory Details

Severity

7.0 High

Advisory ID

CVE-2024-28076

First Published

04/18/2024

Last Updated

04/18/2024

Fixed Version

SolarWinds Platform 2024.1 SR 1

CVSS Score

CVSS:7.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L