CVE-2021-32076

EPSS 0.49%
Veröffentlicht 26.08.2021 15:15:06
Zuletzt bearbeitet 21.11.2024 06:06:48
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Web Help Desk Version <= 12.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@solarwinds.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/208278

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-32076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32076

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32076