CVE-2025-40545

Published: 18 Nov 2025
Source: nvd
CVSS3: 4.8
CVSS3: 4.4
EPSS: Low

Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Vulnerable configurations

Configuration 1
cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*
Versions before 2025.4.1 (exclusive)

EPSS

Percentile: 7%
0.00027
Low

4.8 Medium

CVSS3

4.4 Medium

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 4.8
github
3 months ago

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
