CVE-2021-35254

Published: Mar 25, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

Affected (2)

Products: Solarwinds: Webhelpdesk

Solarwinds

1 product

Webhelpdesk

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Webhelpdesk	Before 12.7.8
Solarwinds Webhelpdesk	Version 12.7.8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US

Source: psirt@solarwinds.com

MitigationRelease NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254

Source: psirt@solarwinds.com

PatchVendor Advisory

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationRelease NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.