CVE-2021-35254

EPSS 0.97%
Veröffentlicht 25.03.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:12:09
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

Authenticated Remote Code Execution in WebHelpDesk 12.7.8

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Webhelpdesk Version < 12.7.8

Solarwinds ≫ Webhelpdesk Version12.7.8 Update-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.97%	0.574

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
psirt@solarwinds.com	8.2	1.8	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US

Vendor Advisory

Release Notes

Mitigation

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-35254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35254

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-35254