CVE-2024-52606: SolarWinds Platform Server-Side Request Forgery Vulnerability

3.5 CVSS

Description

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

Classification

CVE ID: CVE-2024-52606

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor: SolarWinds

Product: SolarWinds

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 41.28% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52606

Timeline

2025-02-12 00:31:33 UTC
CVE

SolarWinds Platform Server-Side Request Forgery Vulnerability