Back

CVE-2024-29001

April 18, 2024, 1:04 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SolarWinds Platform

Source

psirt@solarwinds.com

Tags

CVE-2024-29001 details

Published : April 18, 2024, 9:15 a.m.
Last Modified : April 18, 2024, 1:04 p.m.

Description

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.

CVSS Score

1 2 3 4 5 6 7.5 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

Base Score

7.5

Exploitability Score

Impact Score

Base Severity

HIGH

Vector String : CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

References

URL Source
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 psirt@solarwinds.com
This website uses the NVD API, but is not approved or certified by it.