CVE Vulnerability

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:solarwinds:web_help_desk:12.7.2:*:*:*:*:*:*:*
Information

Published : 2021-08-26 03:15

Updated : 2021-09-23 12:21

NVD link : CVE-2021-32076

Mitre link : CVE-2021-32076

Products Affected
No products.
CWE
CWE-290

Authentication Bypass by Spoofing