CVE-2021-32076

Name of the Vulnerable Software and Affected Versions: SolarWinds Web Help Desk version 12.7.2

Description: A security issue was discovered, allowing access restriction bypass via referrer spoof. An attacker can access the "Web Help Desk Getting Started Wizard", specifically the admin account creation page, from a non-privileged IP address network range or loopback address. This is achieved by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Recommendations: For SolarWinds Web Help Desk version 12.7.2, consider restricting access to the "Web Help Desk Getting Started Wizard" to prevent unauthorized admin account creation until a patch is available. As a temporary workaround, monitor HTTP requests for referrer spoofing attempts and implement additional security measures to prevent access from non-privileged IP address network ranges or loopback addresses.