CVE-2021-32076
Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 5.3 · EPSS 1.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
26 Aug 2021: Published in NVD
Recommendation: Monitor; no sign of exploitation for now.
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
SolarWinds · Web Help Desk