First published: Thu Aug 26 2021
An access restriction bypass via referrer spoofing was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer (the HTTP `Referer` header) from the public IP address to the loopback.
Credit: cve@mitre.org psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Web Help Desk | =12.7.2 | |
SolarWinds Web Help Desk | <=12.7.2 | |
SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible.
The severity of CVE-2021-32076 is medium with a severity value of 5.3.
CVE-2021-32076 affects SolarWinds Web Help Desk version 12.7.2.
CVE-2021-32076 is an access restriction bypass vulnerability via referrer spoof in SolarWinds Web Help Desk version 12.7.2.
An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP requests.
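For hosts that cannot be upgraded immediately, the mismatch this bypass produces can be looked for in web access logs. The following is an added example, not code from this advisory or from SolarWinds: it flags any request whose `Referer` names a loopback origin while the connection came from a non-loopback address, for any path rather than only the wizard. It assumes the "combined" access-log layout and loopback as the only privileged range; the sample lines and request path are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: only loopback is "privileged" for the setup wizard.
PRIVILEGED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# Assumption: Apache/Tomcat "combined" access-log layout, where the first
# field is the TCP peer address (not a client-supplied forwarding header).
LINE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def is_privileged(host):
    """True for 'localhost' or an IP literal inside PRIVILEGED."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # a DNS name, "-", or garbage
        return False
    return any(addr in net for net in PRIVILEGED)

def spoof_candidates(lines):
    """Return parsed entries whose Referer claims a privileged origin
    while the connection itself came from a non-privileged address."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        try:
            ref_host = urlsplit(m["referer"]).hostname  # None for "-"
        except ValueError:      # malformed URL, e.g. an unclosed "["
            continue
        if is_privileged(ref_host) and not is_privileged(m["peer"]):
            hits.append(m.groupdict())
    return hits

# Constructed sample lines; the request path is a placeholder.
SAMPLE = [
    '203.0.113.7 - - [26/Aug/2021:10:00:00 +0000] "GET /placeholder/wizard HTTP/1.1" 200 512 "http://127.0.0.1/placeholder/" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Aug/2021:10:00:05 +0000] "GET /placeholder/wizard HTTP/1.1" 403 0 "http://203.0.113.50/placeholder/" "Mozilla/5.0"',
    '127.0.0.1 - - [26/Aug/2021:10:00:09 +0000] "GET /placeholder/wizard HTTP/1.1" 200 512 "http://127.0.0.1/placeholder/" "Mozilla/5.0"',
    '198.51.100.9 - - [26/Aug/2021:10:00:12 +0000] "GET /placeholder/ HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]
```

A hit with a 2xx status deserves the closest look, since it means the server answered a request it should have refused; if a reverse proxy sits in front of the application, run this against the proxy's log so the peer field reflects the real client.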
For more information, see the [IBM X-Force Exchange entry](https://exchange.xforce.ibmcloud.com/vulnerabilities/208278) and the [SolarWinds security advisory](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076).