Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
References
| Link | Resource |
|---|---|
| https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 | Third Party Advisory VDB Entry |
| https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 | Vendor Advisory |
Configurations
History
21 Nov 2024, 06:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Vendor Advisory |
25 Jan 2024, 21:34
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Vendor Advisory | |
| CPE | cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* |
07 Nov 2023, 03:35
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - |
Information
Published : 2021-08-26 15:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-32076
Mitre link : CVE-2021-32076
CVE.ORG link : CVE-2021-32076
JSON object : View
Products Affected
solarwinds
- web_help_desk
CWE
CWE-290
Authentication Bypass by Spoofing