"-Synchronized-Data."

2021/32xxx/CVE-2021-32076.json

@@ -1,18 +1,101 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2021-32076",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "DATE_PUBLIC": "2021-08-20T14:12:00.000Z",
+        "ID": "CVE-2021-32076",
+        "STATE": "PUBLIC",
+        "TITLE": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u201cWeb Help Desk Getting Started Wizard\u201d, especially the admin account creationpage, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 5.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076",
+                "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
+            }
+        ]
+    },
+    "solution": [
+        {
+            "lang": "eng",
+            "value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."
+        }
+    ],
+    "source": {
+        "defect": [
+            "CVE-2021-32076"
+        ],
+        "discovery": "UNKNOWN"
     }
 }