{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52611", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2024-11-14T20:40:33.287Z", "datePublished": "2025-02-11T07:25:02.977Z", "dateUpdated": "2025-02-11T15:14:42.560Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows", "64 bit"], "product": "SolarWinds Platform", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2024.4.1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."}], "value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2025-02-11T07:25:02.977Z"}, "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. <br>"}], "value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available."}], "source": {"discovery": "EXTERNAL"}, "title": "SolarWinds Platform Information Disclosure Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T15:14:29.023205Z", "id": "CVE-2024-52611", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:14:42.560Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52611", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T15:14:29.023205Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:14:36.258Z"}}], "cna": {"title": "SolarWinds Platform Information Disclosure Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Vicky Malekar, Ravi Khanchani and Techsa SolarWinds Team"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Platform", "versions": [{"status": "affected", "version": "2024.4.1 and previous versions"}], "platforms": ["Windows", "64 bit"], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds recommends customers upgrade to SolarWinds Platform 2025.1 as soon as it becomes available. <br>", "base64": false}]}], "references": [{"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.", "supportingMedia": [{"type": "text/html", "value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2025-02-11T07:25:02.977Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52611", "state": "PUBLISHED", "dateUpdated": "2025-02-11T15:14:42.560Z", "dateReserved": "2024-11-14T20:40:33.287Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2025-02-11T07:25:02.977Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "16115A67-2611-4E68-A5F7-5D54589FC5D2", "versionEndExcluding": "2025.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions."}, {"lang": "es", "value": "La plataforma SolarWinds es vulnerable a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de un mensaje de error. Si bien los datos no brindan informaci\u00f3n confidencial, podr\u00edan ayudar a un atacante a realizar otras acciones maliciosas."}], "id": "CVE-2024-52611", "lastModified": "2025-02-25T17:30:27.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "psirt@solarwinds.com", "type": "Primary"}]}, "published": "2025-02-11T08:15:31.280", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-52611"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}

{}