CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Published: Aug 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32076
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-290

Affected Software
References

Software	From	Fixed in
solarwinds / web_help_desk	-	12.7.2.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/208278
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076

Vulnerability Database

CVE-2021-32076