CVE-2024-28996

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28996
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.  

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 7.5
References () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm - Release Notes () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm - Release Notes
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 - Vendor Advisory () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 - Vendor Advisory

06 Jun 2024, 16:23

Type Values Removed Values Added
CPE cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*
References () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm - () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm - Release Notes
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 - () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28996 - Vendor Advisory
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 8.1
Summary
  • (es) Se determinó que la plataforma SolarWinds estaba afectada por una vulnerabilidad de inyección SWQL. La complejidad del ataque es alta para esta vulnerabilidad.
First Time Solarwinds solarwinds Platform
Solarwinds

04 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-04 15:15

Updated : 2024-11-21 09:07

NVD link : CVE-2024-28996

Mitre link : CVE-2024-28996

CVE.ORG link : CVE-2024-28996

JSON object : View

Products Affected

solarwinds

  • solarwinds_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')