Lucene search

[email protected]NVD:CVE-2021-32076

HistoryAug 26, 2021 - 3:15 p.m.

CVE-2021-32076

2021-08-2615:15:06

CWE-290

[email protected]

web.nvd.nist.gov

solarwinds

help desk

access restriction

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

34.7%

JSON

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the ‘Web Help Desk Getting Started Wizard’, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Affected configurations

Nvd

Node

solarwindsweb_help_deskRange≤12.7.2

VendorProductVersionCPE
solarwindsweb_help_desk*cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarwinds	web_help_desk	*	cpe:2.3:a:solarwinds:web_help_desk::::::::

References

exchange.xforce.ibmcloud.com/vulnerabilities/208278

www.solarwinds.com/trust-center/security-advisories/cve-2021-32076

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

34.7%

JSON

Related for NVD:CVE-2021-32076

prion1 cve1 cvelist1