CVE-2021-32076
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SolarWinds | Web Help Desk | unspecified <= 12.7.5 | affected |
Weaknesses
- CWE-290: CWE-290 Authentication Bypass by Spoofing
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.