Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
References
Link | Resource |
---|---|
https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: SolarWinds
Published: 2021-12-22T00:00:00
Updated: 2023-08-03T20:30:17.665Z
Reserved: 2021-06-22T00:00:00
Link: CVE-2021-35232
JSON object: View
NVD Information
Status : Modified
Published: 2021-12-27T19:15:08.290
Modified: 2023-08-03T21:15:11.197
Link: CVE-2021-35232
JSON object: View
Redhat Information
No data.
CWE