← back
CVE-2021-32076

Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass

CVSS 5.3 MEDIUMEPSS 1.2%CWE-290
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 1.2%KEV nãoPoC Patch
Lifecycle
26 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
SolarWinds · Web Help Desk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076