Unrated severityNVD Advisory· Published Aug 26, 2021· Updated Sep 17, 2024
Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass
CVE-2021-32076
Description
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=12.7.2
- SolarWinds/Web Help Deskv5Range: unspecified
Patches
Vulnerability mechanics
References
1- www.solarwinds.com/trust-center/security-advisories/cve-2021-32076mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.