SolarWinds Trust Center Security Advisories | CVE-2021-32076
Access Restriction Bypass Via Referrer Spoof - Business Logic Bypass Vulnerability (CVE-2021-32076)

Security Advisory Summary

It is possible to access the Web Help Desk “Getting Started Wizard”, specifically the admin account creation page, from a non-privileged IP range or loopback by intercepting the HTTP request and changing the referrer from the public IP to the loopback address "http://127.0.0.1:8081".
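The class of flaw described above, shown as an added example that is not SolarWinds code: an access check keyed on the Referer header next to one keyed on the connection's peer address, plus a mismatch signal for log review. The function names, the loopback-only allow-list and the sample requests are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the wizard is meant to be reachable from loopback only.
ALLOWED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("::1/128")]

def _is_allowed(host):
    """True if host is an IP literal inside ALLOWED_NETS."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # empty string, hostname, garbage
        return False
    return any(addr in net for net in ALLOWED_NETS)

def referer_based_check(headers, peer_ip):
    """Flawed pattern: trusts the Referer header, which the client sets."""
    host = urlsplit(headers.get("Referer", "")).hostname or ""
    return _is_allowed(host)

def peer_based_check(headers, peer_ip):
    """Hardened pattern: ignores headers, uses the socket peer address."""
    return _is_allowed(peer_ip)

def referer_mismatch(headers, peer_ip):
    """Log-review signal: Referer claims an allowed origin, peer is not one."""
    return referer_based_check(headers, peer_ip) and not _is_allowed(peer_ip)

# Constructed sample requests: (headers, TCP peer address)
SAMPLES = [
    ({"Referer": "http://127.0.0.1:8081"}, "203.0.113.7"),   # rewritten Referer
    ({"Referer": "http://127.0.0.1:8081"}, "127.0.0.1"),     # genuine local use
    ({"Referer": "http://198.51.100.20:8081"}, "203.0.113.7"),
    ({}, "203.0.113.7"),                                      # no Referer at all
]

if __name__ == "__main__":
    for headers, peer in SAMPLES:
        print(peer, headers.get("Referer"),
              "referer_check:", referer_based_check(headers, peer),
              "peer_check:", peer_based_check(headers, peer),
              "flag:", referer_mismatch(headers, peer))
```

Behind a reverse proxy the socket peer is the proxy itself, so the client address has to come from a header that only the trusted proxy can set.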

Affected Products

  • Web Help Desk 12.7.2 and earlier

Fixed Software Release

Acknowledgments

  • Moaaz Taha

Advisory Details

Severity

5.8 Medium

Advisory ID

CVE-2021-32076

First Published

08/20/2021

Version

Web Help Desk 12.7.6
