SolarWinds SWQL Injection Vulnerability
CVE-2024-28996 Published on June 4, 2024

SolarWinds Platform SWQL Injection Vulnerability
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2024-28996 has been classified to as a SQL Injection vulnerability or weakness.

Products Associated with CVE-2024-28996

Want to know whenever a new CVE is published for Solarwinds Platform? stack.watch will email you.

Solarwinds Platform

Affected Versions

SolarWinds Platform :

Version 2024.1.1 and previous versions is affected.

solarwinds_platform:

Before and including 2024.1.1 is affected.

Exploit Probability

EPSS

0.64%

Percentile

70.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SolarWinds SWQL Injection VulnerabilityCVE-2024-28996 Published on June 4, 2024

Vulnerability Analysis

Weakness Type

What is a SQL Injection Vulnerability?

Products Associated with CVE-2024-28996

Affected Versions

Exploit Probability

SolarWinds SWQL Injection Vulnerability
CVE-2024-28996 Published on June 4, 2024