CVE-2021-32076
MEDIUM
SolarWinds Web Help Desk < 12.7.2 - Authentication Bypass via Referrer Spoofing
Title source: llm
Description
An access restriction bypass via referrer spoofing was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback address.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076
Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278
Scores
CVSS v3
5.3
EPSS
0.0049
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-290
Status
published
Products (1)
solarwinds/web_help_desk
< 12.7.2
Published
Aug 26, 2021
Tracked Since
Feb 18, 2026