CVE-2024-29001

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29001
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 5.3

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*
History

10 Feb 2025, 22:42

Type Values Removed Values Added
References () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm - () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm - Release Notes
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 - () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 - Vendor Advisory
First Time Solarwinds
Solarwinds solarwinds Platform
CPE cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm - () https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm -
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 - () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29001 -

18 Apr 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad de inyección SWQL de la plataforma SolarWinds en la interfaz de usuario. Esta vulnerabilidad requiere autenticación e interacción del usuario para poder explotarse.

18 Apr 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-18 09:15

Updated : 2025-02-10 22:42

NVD link : CVE-2024-29001

Mitre link : CVE-2024-29001

CVE.ORG link : CVE-2024-29001

JSON object : View

Products Affected

solarwinds

  • solarwinds_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')