What is the severity of CVE-2021-35232?

CVE-2021-35232 is considered a critical vulnerability due to hard coded credentials that can be exploited to execute arbitrary queries.

How do I fix CVE-2021-35232?

To fix CVE-2021-35232, update your SolarWinds Web Help Desk software to version 12.7.7 or higher, which addresses this vulnerability.

What are the implications of CVE-2021-35232?

The implications of CVE-2021-35232 include the risk of unauthorized access to the database, allowing attackers to potentially steal sensitive information.

Who is affected by CVE-2021-35232?

CVE-2021-35232 affects users of SolarWinds Web Help Desk versions up to and including 12.7.6.

Is there a workaround for CVE-2021-35232?

There are no effective workarounds for CVE-2021-35232; the most secure action is to upgrade to the patched version.

Vulnerability/
CVE-2021-35232

medium

6.8

CWE

798

27/12/2021

17/9/2024

CVE-2021-35232: Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries

First published: Mon Dec 27 2021(Updated: )

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.

Credit: psirt@solarwinds.com

Affected Software	Affected Version	How to fix
SolarWinds	<=12.7.6

Remedy

SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-35232?
CVE-2021-35232 is considered a critical vulnerability due to hard coded credentials that can be exploited to execute arbitrary queries.
How do I fix CVE-2021-35232?
To fix CVE-2021-35232, update your SolarWinds Web Help Desk software to version 12.7.7 or higher, which addresses this vulnerability.
What are the implications of CVE-2021-35232?
The implications of CVE-2021-35232 include the risk of unauthorized access to the database, allowing attackers to potentially steal sensitive information.
Who is affected by CVE-2021-35232?
CVE-2021-35232 affects users of SolarWinds Web Help Desk versions up to and including 12.7.6.
Is there a workaround for CVE-2021-35232?
There are no effective workarounds for CVE-2021-35232; the most secure action is to upgrade to the patched version.

agent/references
agent/author
agent/type
agent/softwarecombine
agent/weakness
agent/title
agent/severity
collector/mitre-cve
source/MITRE
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/solarwinds
canonical/solarwinds
version/solarwinds/12.7.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.