What is CVE-2021-35243?

CVE-2021-35243 is a medium-severity vulnerability in Solarwinds Web Help Desk, classified under CWE-749. CVSS score: 5.3/10. Published 2021-12-23.

How severe is CVE-2021-35243?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Solarwinds Web Help Desk

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a us…

EPSS: 0.006 (70.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Solarwinds Web Help Desk — versions 12.7.7 and previous versions 12.7.7 HF1

Weakness classification (CWE)

CWE-749

References

www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 (x_refsource_MISC)
support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Re… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-35243?: CVE-2021-35243 is a medium-severity vulnerability in Solarwinds Web Help Desk, classified under CWE-749. CVSS score: 5.3/10. Published 2021-12-23.
How severe is CVE-2021-35243?: Medium severity. CVSS v3 base score is 5.3 out of 10.