Vulnerability Description
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Web Help Desk | <= 12.7.7 |
Related Weaknesses (CWE)
References
- https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-HotfRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243Vendor Advisory
- https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-HotfRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243Vendor Advisory
FAQ
What is CVE-2021-35243?
CVE-2021-35243 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload dat...
How severe is CVE-2021-35243?
CVE-2021-35243 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35243?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Web Help Desk.