Vulnerability Description
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Webhelpdesk | <= 12.7.6 |
Related Weaknesses (CWE)
References
- https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-HotfRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232Vendor Advisory
- https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-HotfRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232Vendor Advisory
FAQ
What is CVE-2021-35232?
CVE-2021-35232 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queri...
How severe is CVE-2021-35232?
CVE-2021-35232 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35232?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Webhelpdesk.