First published: Fri Mar 25 2022(Updated: )
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds WebHelpDesk | <12.7.8 | |
SolarWinds WebHelpDesk | =12.7.8 |
SolarWinds advises to upgrade to the latest version of Web Help Desk (WHD 12.7.8 HF 1).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-35254 is a vulnerability reported in SolarWinds WebHelpDesk where an input that was not sanitized, which has now been removed to prevent misuse.
SolarWinds WebHelpDesk versions up to and including 12.7.8 are affected by CVE-2021-35254.
CVE-2021-35254 has a severity rating of 8.8 (high).
To fix CVE-2021-35254, update SolarWinds WebHelpDesk to version 12.7.8 Hotfix 1 or later.
You can find more information about CVE-2021-35254 in the SolarWinds support article [Web Help Desk 12.7.8 Hotfix 1 Release Notes](https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US) and the SolarWinds security advisory for [CVE-2021-35254](https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254).