Authenticated Remote Code Execution in WebHelpDesk 12.7.8
CVE-2021-35254

8.2HIGH

Key Information:

Vendor: Solarwinds
Status: Webhelpdesk
Vendor: CVE Published:; 25 March 2022

What is CVE-2021-35254?

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

Affected Version(s)

WebHelpDesk 12.7.8 and previous versions < 12.7.8 HF 1

References

https://support.solarwinds.com/SuccessCenter/s/article/We...

x_refsource_MISC

https://www.solarwinds.com/trust-center/security-advisori...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2022
Vulnerability Reserved
Jun 22, 2021

Solarwinds

What is CVE-2021-35254?

Affected Version(s)

References

CVSS V3.1

Timeline