Vulnerability Description
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SolarWinds | Web Help Desk | <= 12.7.2 |
Related Weaknesses (CWE)
References
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-32076?
CVE-2021-32076 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation...
How severe is CVE-2021-32076?
CVE-2021-32076 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32076?
Check the references section above for vendor advisories and patch information. Affected products include: SolarWinds Web Help Desk.