CVE-2021-35254

Authenticated Remote Code Execution in WebHelpDesk 12.7.8

CVSS 8.2 HIGHEPSS 1.0%CWE-20

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

25 Mar 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected products

SolarWinds · WebHelpDesk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254