CVE-2021-35243

EPSS 0.63%
Veröffentlicht 23.12.2021 20:15:11
Zuletzt bearbeitet 21.11.2024 06:12:08
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Web Help Desk Version <= 12.7.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@solarwinds.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US

Vendor Advisory

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-35243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35243

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-35243