CVE-2021-32076 Information
Jun 07, 2022
cve
Description
An access restriction bypass via referrer spoofing was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the ‘Web Help Desk Getting Started Wizard’, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Base Severity
MEDIUM