Skip to main content

Web Help Desk CVE-2021-35243

HIGH
Exposed Dangerous Method or Function (CWE-749)
2021-12-23 psirt@solarwinds.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 23, 2021 - 20:15 nvd
HIGH 7.5

DescriptionNVD

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

AnalysisAI

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-749. The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity. Affected products include: Solarwinds Web Help Desk.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-40551 CRITICAL POC
9.8 Jan 28

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that

CVE-2025-40536 HIGH POC
8.1 Jan 28

SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated a

CVE-2025-40552 CRITICAL POC
9.8 Jan 28

SolarWinds Web Help Desk has an authentication bypass vulnerability (EPSS 9.9%) that allows unauthenticated attackers to

CVE-2025-40554 CRITICAL POC
9.8 Jan 28

SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated ad

CVE-2024-28986 CRITICAL POC
9.8 Aug 13

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that,

CVE-2024-28987 CRITICAL POC
9.1 Aug 21

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthe

CVE-2025-40553 CRITICAL
9.8 Jan 28

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE p

CVE-2024-28988 CRITICAL
9.8 Sep 01

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that,

CVE-2026-28299 HIGH
8.2 Jun 02

Denial-of-service in SolarWinds Web Help Desk allows remote unauthenticated attackers to crash the server by exhausting

CVE-2025-40537 HIGH
7.5 Jan 28

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situat

CVE-2024-28989 MEDIUM
5.5 Feb 11

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive in

CVE-2024-45709 MEDIUM
5.5 Dec 10

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. Rated medium severity (CVSS 5.5), this vuln

Share

CVE-2021-35243 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy