Arbitrary Open Redirection Vulnerability in SolarWinds Platform
CVE-2024-28076

4.7MEDIUM

Key Information:

Vendor: SolarWinds
Status: Solarwinds Platform
Vendor: CVE Published:; 18 April 2024

What is CVE-2024-28076?

The vulnerability within the SolarWinds Platform allows an attacker to exploit improper URL parameter handling, leading to arbitrary open redirection attacks. By manipulating URL parameters, an attacker can redirect users to unintended and potentially harmful domains. This poses a significant security risk for organizations utilizing the SolarWinds Platform, as users can be unwittingly redirected to phishing sites or other malicious content. It is essential for users to apply security patches and maintain awareness of their URL handling practices to mitigate this risk.

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/or...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2024