Vulnerabilities > CVE-2021-35243 - Unspecified vulnerability in Solarwinds web Help Desk

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

solarwinds

NVD

Published: 2021-12-23

Updated: 2022-01-07

Summary

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds WEB Help Desk 12.1 Solarwinds WEB Help Desk 12.4 Solarwinds WEB Help Desk 12.4.2 Solarwinds WEB Help Desk 12.5 Solarwinds WEB Help Desk 12.5.1 Solarwinds WEB Help Desk 12.5.2 Solarwinds WEB Help Desk 12.6 Solarwinds WEB Help Desk 12.7.0 Solarwinds WEB Help Desk 12.7.1 Solarwinds WEB Help Desk 12.7.2 Solarwinds WEB Help Desk 12.7.3	11

Summary

Vulnerable Configurations

References