Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
References
Link | Resource |
---|---|
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 | Third Party Advisory VDB Entry |
History
21 Nov 2024, 06:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Vendor Advisory |
25 Jan 2024, 21:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* | |
References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Vendor Advisory |
23 Sep 2021, 12:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-290 | |
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 - Third Party Advisory, VDB Entry |
02 Sep 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. |
02 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the ‘Web Help Desk Getting Started Wizard’, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. |
01 Sep 2021, 14:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Broken Link | |
CWE | CWE-863 | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : 5.3 |
CPE | cpe:2.3:a:solarwinds:web_help_desk:12.7.2:*:*:*:*:*:*:* |
26 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-26 15:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-32076
Mitre link : CVE-2021-32076
CVE.ORG link : CVE-2021-32076
Products Affected
solarwinds
- web_help_desk
CWE
CWE-290
Authentication Bypass by Spoofing