Lucene search

SolarWindsCVELIST:CVE-2021-35254

HistoryMar 25, 2022 - 6:02 p.m.

CVE-2021-35254 Authenticated Remote Code Execution in WebHelpDesk 12.7.8

2022-03-2518:02:27

CWE-20

SolarWinds

www.cve.org

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

CNA Affected

[
  {
    "product": "WebHelpDesk ",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "12.7.8 HF 1 ",
        "status": "affected",
        "version": "12.7.8 and previous versions",
        "versionType": "custom"
      }
    ]
  }
]

References

support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US

www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for CVELIST:CVE-2021-35254