Detections
Analytics

SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities

medium Nessus Plugin ID 213005

Synopsis

The remote host is missing one or more security updates.

Description

The version of Solarwinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes.

 - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. (CVE-2020-26870)

 - SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. (CVE-2024-45709)

 - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.
 This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2024-45801)

 - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. (CVE-2024-47875)

 - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. (CVE-2024-48910)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Solarwinds Web Help Desk version 12.8.4 or later.

See Also

http://www.nessus.org/u?c24befe0

Plugin Details

Severity: Medium

ID: 213005

File Name: solarwinds_web_help_desk_12_8_4.nasl

Version: 1.2

Type: combined

Agent: windows

Family: CGI abuses

Published: 12/13/2024

Updated: 12/14/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-26870

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:solarwinds:web_help_desk

Required KB Items: installed_sw/Solarwinds Web Help Desk

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/9/2024

Vulnerability Publication Date: 12/9/2024

Reference Information

CVE: CVE-2020-26870, CVE-2024-45709, CVE-2024-45801, CVE-2024-47875, CVE-2024-48910, CVE-2024-52316

IAVA: 2024-A-0817