What is CVE-2021-35232?

CVE-2021-35232 is a medium-severity vulnerability in Solarwinds Web Help Desk, classified under Use of Hard-coded Credentials. CVSS score: 6.8/10. Published 2021-12-27.

How severe is CVE-2021-35232?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Is CVE-2021-35232 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Solarwinds Web Help Desk

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage th…

EPSS: 0.002 (46.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Solarwinds Web Help Desk — versions 12.7.7 and previous versions

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

Public proof-of-concept exploits

References

www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232 (x_refsource_MISC)
support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Re… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-35232?: CVE-2021-35232 is a medium-severity vulnerability in Solarwinds Web Help Desk, classified under Use of Hard-coded Credentials. CVSS score: 6.8/10. Published 2021-12-27.
How severe is CVE-2021-35232?: Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2021-35232 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.