cvedb.io
CVE-2021-32076
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2021-08-26T15:15:06.993 · Last modified 2026-06-17T03:52:45.650

Summary

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Affected products

solarwinds — web_help_desk

Does this affect you?

Add your gear to cvedb and we'll alert you only when solarwinds ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.