CVE-2021-35254

Description

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

SolarWinds / WebHelpDesk12.7.8 and previous versions – 12.7.8 HF 1

References

MISChttps://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US
VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254