Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Published

2021-12-23T20:15:11.480

Last Modified

2024-11-21T06:12:08.280

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-749
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	solarwinds	web_help_desk	≤ 12.7.7	Yes

References

https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US Release Notes, Vendor Advisory ([email protected])
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 Vendor Advisory ([email protected])
https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)