CVE-2024-52606

Published: Feb 11, 2025Modified: Feb 25, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

Affected (1)

Products: Solarwinds: Solarwinds Platform

Solarwinds

1 product

Solarwinds Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Solarwinds Platform	Before 2025.1

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52606

Source: psirt@solarwinds.com

Vendor Advisory

Timeline

No history available yet.