admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-320xx/CVE-2021-32076.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

142 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-32076",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-26T15:15:06.993",
"lastModified": "2021-09-23T12:21:29.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
},
{
"lang": "es",
"value": "En SolarWinds Web Help Desk versi\u00f3n 12.7.2, se ha detectado una Omisi\u00f3n de Restricciones de Acceso por medio de una suplantaci\u00f3n de referencias. Un atacante puede acceder a \"Web Help Desk Getting Started Wizard\", especialmente a la p\u00e1gina de creaci\u00f3n de la cuenta de administrador, desde un rango de red de direcciones IP sin privilegios o una direcci\u00f3n de loopback al interceptar la petici\u00f3n HTTP y cambiando el referrer de la direcci\u00f3n IP p\u00fablica al loopback"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "502133BC-229B-4F75-B8FF-DC2BC655918C"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208278",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink