An access restriction bypass via referrer spoofing was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', in particular the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-08-26T14:53:25.774505Z

Updated: 2024-09-17T01:00:44.305Z

Reserved: 2021-05-06T00:00:00

Link: CVE-2021-32076

NVD

Status: Analyzed

Published: 2021-08-26T15:15:06.993

Modified: 2024-01-25T21:34:02.087

Link: CVE-2021-32076
