Skip to main content

Solarwinds Platform CVE-2024-52606

LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2025-02-11 psirt@solarwinds.com
3.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:26 vuln.today
CVE Published
Feb 11, 2025 - 08:15 nvd
LOW 3.5

DescriptionCVE.org

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

AnalysisAI

SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request. Affected products include: Solarwinds Solarwinds Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2024-28999 HIGH POC
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. Rated

CVE-2023-40056 HIGH
8.8 Nov 28

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulne

CVE-2023-40062 HIGH
8.8 Nov 01

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. Rated high severity (CVSS

CVE-2023-40061 HIGH
8.8 Nov 01

Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication

CVE-2024-45710 HIGH
7.8 Oct 16

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rate

CVE-2024-28996 HIGH
7.5 Jun 04

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5),

CVE-2024-29001 HIGH
7.4 Apr 18

A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. Rated high severity (CVSS 7.4),

CVE-2023-33225 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-33224 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), t

CVE-2023-23844 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2023-23843 HIGH
7.2 Jul 26

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this

CVE-2024-52612 MEDIUM
6.8 Feb 11

SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), t

Share

CVE-2024-52606 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy