PT-2021-20854 · Solarwinds · Solarwinds Web Help Desk
Shubham Shah
·
Published
2021-12-27
·
Updated
2024-09-17
·
CVE-2021-35232
CVSS v3.1
6.8
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
SolarWinds Web Help Desk (affected versions not specified)
Description:
A security issue has been discovered in the SolarWinds Web Help Desk product, where hard-coded credentials allow an attacker with local access to the host machine to execute arbitrary HQL queries against the database. This enables the attacker to steal password hashes of users or insert arbitrary data into the database.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solarwinds Web Help Desk