Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass
Vulnerability Description
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
SolarWinds Web Help Desk 安全漏洞
Vulnerability Description
Solarwinds Web Help Desk是美国Solarwinds公司的一套服务台和资产管理软件。该软件支持集中式知识库、IT资产管理、项目和任务管理等功能。 SolarWinds Web Help Desk 12.7.2中存在安全漏洞,攻击者可利用该漏洞可以拦截HTTP请求,并将公网IP地址更改为环回地址,从而访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A