CVE-2021-35232 - OpenCVE

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Webhelpdesk

Configuration 1 [-]

cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*

References

Link	Resource
https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US	Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-12-22T00:00:00

Updated: 2023-08-03T20:30:17.665Z

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35232

JSON object: View

NVD Information

Status : Modified

Published: 2021-12-27T19:15:08.290

Modified: 2023-08-03T21:15:11.197

Link: CVE-2021-35232

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Web Help Desk", "vendor": "SolarWinds", "versions": [{"lessThan": "12.7.7 HF 1 ", "status": "affected", "version": "12.7.7 and previous versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Shubham Shah "}], "datePublic": "2021-12-21T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.</p>"}], "value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:30:17.665Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"}, {"tags": ["x_refsource_MISC"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available.</p>"}], "value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available.\n\n"}], "source": {"defect": ["CVE-2021-35232"], "discovery": "EXTERNAL"}, "title": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-12-22T15:45:00.000Z", "ID": "CVE-2021-35232", "STATE": "PUBLIC", "TITLE": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Web Help Desk", "version": {"version_data": [{"version_affected": "<", "version_name": "12.7.7 and previous versions", "version_value": "12.7.7 HF 1 "}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "Shubham Shah "}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"}, {"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US", "refsource": "MISC", "url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"}]}, "solution": [{"lang": "en", "value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available."}], "source": {"defect": ["CVE-2021-35232"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35232", "datePublished": "2021-12-22T00:00:00", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2023-08-03T20:30:17.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*", "matchCriteriaId": "53DE7A1A-2EF0-4757-AF6B-70839D4BA698", "versionEndIncluding": "12.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\n\n"}, {"lang": "es", "value": "Se han detectado credenciales embebidas en el producto SolarWinds Web Help Desk. Mediante estas credenciales, el atacante con acceso local a la m\u00e1quina anfitriona de Web Help Desk permite ejecutar consultas HQL arbitrarias contra la base de datos y aprovechar la vulnerabilidad para robar los hashes de las contrase\u00f1as de los usuarios o insertar datos arbitrarios en la base de datos"}], "id": "CVE-2021-35232", "lastModified": "2023-08-03T21:15:11.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-12-27T19:15:08.290", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}