Lucene search

SolarWindsCVELIST:CVE-2021-35243

HistoryDec 23, 2021 - 7:48 p.m.

CVE-2021-35243 HTTP PUT & DELETE Methods Enabled

2021-12-2319:48:34

CWE-749

SolarWinds

www.cve.org

cve-2021-35243

web help desk

http methods

data integrity

security risk

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

39.3%

JSON

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

CNA Affected

[
  {
    "product": "Web Help Desk",
    "vendor": "SolarWinds",
    "versions": [
      {
        "status": "affected",
        "version": "12.7.7 and previous versions    12.7.7 HF1"
      }
    ]
  }
]

References

support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US

www.solarwinds.com/trust-center/security-advisories/cve-2021-35243

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

39.3%

JSON

Related for CVELIST:CVE-2021-35243