CVE-2021-35232

High PUBLISHED

Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries

SolarWinds · Web Help Desk

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
6.8 Medium

At a Glance

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.

CVE Published
Dec 27, 2021
Exploitation Reported
Dec 27, 2021
CVSS
6.8 Medium
EPSS
Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
SolarWinds
Web Help Desk

12.7.7 and previous versions to < 12.7.7 HF 1

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.