Can you explain this vulnerability to me?

This vulnerability is an open redirection issue in SolarWinds Observability Self-Hosted (SWOSH) versions 2025.1.1 and earlier. It occurs because the URL input is not properly sanitized, allowing an attacker to manipulate the URL string to redirect users to malicious websites. Exploiting this requires high attack complexity and user authentication. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can impact you by allowing an attacker to redirect users to malicious sites, potentially leading to confidentiality breaches. According to the CVSS score, it has a high confidentiality impact but does not affect integrity or availability. The attack requires low privileges and no user interaction but is complex and requires authentication. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this open redirection vulnerability involves checking if the SolarWinds Observability Self-Hosted (SWOSH) version is 2025.1.1 or earlier and testing URL inputs for improper sanitization that could lead to redirection to malicious sites. Specific commands are not provided in the available resources. However, network monitoring for unusual outbound redirects or scanning the application URLs for redirection behavior could help identify exploitation attempts. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade SolarWinds SWOSH to version 2025.2 or later, where this open redirection vulnerability has been fixed. [1]

Useful 0 Not Useful 0