Lucene search

SolarWindsVULNRICHMENT:CVE-2024-28076

HistoryApr 18, 2024 - 9:05 a.m.

CVE-2024-28076 SolarWinds Platform Arbitrary Open Redirection Vulnerability

2024-04-1809:05:42

CWE-601

SolarWinds

github.com

solarwinds

platform

open redirection

vulnerability

url parameter

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "solarwinds_platform",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/cve-2024-28076

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28076