CVE-2021-35254 HIGH

CVE-2021-35254: Authenticated Remote Code Execution in WebHelpDesk 12.7.8

Vendor Solarwinds
Product WebHelpDesk
Weakness CWE-20 · Input validation
Published March 25, 2022
Last update August 4, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

Key dates

02Disclosure timeline

March 25, 2022 CVE published
August 4, 2024 Record updated