CVE-2024-28076 - Vulnerability Details - OpenCVE

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Solarwinds Platform

Configuration 1 [-]

cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-25243	The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format

Fixes

Solution

SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076

History

Mon, 10 Feb 2025 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Solarwinds Solarwinds solarwinds Platform
CPEs		cpe:2.3:a:solarwinds:solarwinds_platform::::::::
Vendors & Products		Solarwinds Solarwinds solarwinds Platform

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2024-04-18T09:05:42.592Z

Updated: 2024-08-02T00:48:48.245Z

Reserved: 2024-03-01T08:53:44.513Z

Link: CVE-2024-28076

Vulnrichment

Updated: 2024-08-02T00:48:48.245Z

NVD

Status : Analyzed

Published: 2024-04-18T09:15:11.463

Modified: 2025-02-10T22:41:22.000

Link: CVE-2024-28076

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28076", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2024-03-01T08:53:44.513Z", "datePublished": "2024-04-18T09:05:42.592Z", "dateUpdated": "2024-08-02T00:48:48.245Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SolarWinds Platform", "vendor": "SolarWinds ", "versions": [{"status": "affected", "version": "2024.1 and previous versions "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nils Putnins working with NATO "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format"}], "value": "The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format"}], "impacts": [{"capecId": "CAPEC-159", "descriptions": [{"lang": "en", "value": "CAPEC-159 Redirect Access to Libraries"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2024-04-19T13:41:57.126Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available."}], "value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available."}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Platform Arbitrary Open Redirection Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28076", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T15:10:11.227052Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"], "vendor": "solarwinds", "product": "solarwinds_platform", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:03:17.880Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.245Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076", "tags": ["x_transferred"]}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076", "tags": ["x_transferred"]}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:48.245Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28076", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T15:10:11.227052Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*"], "vendor": "solarwinds", "product": "solarwinds_platform", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-19T15:12:38.213Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "SolarWinds Platform Arbitrary Open Redirection Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nils Putnins working with NATO "}], "impacts": [{"capecId": "CAPEC-159", "descriptions": [{"lang": "en", "value": "CAPEC-159 Redirect Access to Libraries"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds ", "product": "SolarWinds Platform", "versions": [{"status": "affected", "version": "2024.1 and previous versions "}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds recommends that customers upgrade to SolarWinds Platform 2024.1.1 as soon as it becomes available.", "base64": false}]}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format", "supportingMedia": [{"type": "text/html", "value": "The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2024-04-19T13:41:57.126Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28076", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:48:48.245Z", "dateReserved": "2024-03-01T08:53:44.513Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2024-04-18T09:05:42.592Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD54592D-638F-4F95-A038-BE9F24E02E64", "versionEndExcluding": "2024.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format"}, {"lang": "es", "value": "La plataforma SolarWinds era susceptible a una vulnerabilidad de redireccionamiento abierto arbitrario. Un atacante potencial puede redirigir a un dominio diferente cuando utiliza un par\u00e1metro de URL con una entrada relativa en el formato correcto."}], "id": "CVE-2024-28076", "lastModified": "2025-02-10T22:41:22.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.3, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-18T09:15:11.463", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28076"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}