← voltar
CVE-2021-32076

Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass

CVSS 5.3 MEDIUMEPSS 1.2%CWE-290
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 ago 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SolarWinds · Web Help Desk

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076