CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28989 – SolarWinds Web Help Desk Cryptographic Key Management Vulnerability
https://notcve.org/view.php?id=CVE-2024-28989
11 Feb 2025 — SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45709 – SolarWinds Web Help Desk Local File Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-45709
10 Dec 2024 — SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-4_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 96%CPEs: 2EXPL: 6CVE-2024-28987 – SolarWinds Web Help Desk Hardcoded Credential Vulnerability
https://notcve.org/view.php?id=CVE-2024-28987
21 Aug 2024 — The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. • https://github.com/fa-rrel/CVE-2024-28987-POC • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2024-28986 – SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2024-28986
13 Aug 2024 — SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. SolarWinds Web Help Desk was found to be sus... • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35251 – Sensitive Data Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-35251
09 Mar 2022 — Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. Podría mostrarse información confidencial cuando es publicado un mensaje de error técnico detallado. Esta información podría revelar detalles del entorno de la instalación del servicio de asistencia web • https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35243 – HTTP PUT & DELETE Methods Enabled
https://notcve.org/view.php?id=CVE-2021-35243
23 Dec 2021 — The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity. Los métodos HTTP PUT y DELETE fueron habilitados en el... • https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32076 – Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass
https://notcve.org/view.php?id=CVE-2021-32076
26 Aug 2021 — Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. En SolarWinds Web Help Desk versión 12.7.2, se ha detectado una Omisión de Restricciones de Acceso por medio de una suplantación de ref... • https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16961
https://notcve.org/view.php?id=CVE-2019-16961
15 Jan 2021 — SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio de un Schedule Name • https://support.solarwinds.com/SuccessCenter/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16954
https://notcve.org/view.php?id=CVE-2019-16954
06 Jan 2021 — SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. SolarWinds Web Help Desk versión 12.7.0, permite una inyección de HTML por medio de un Comentario en un ticket de Petición de Ayuda • https://support.solarwinds.com/SuccessCenter/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16960
https://notcve.org/view.php?id=CVE-2019-16960
04 Jan 2021 — SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio de un archivo de plantilla CSV con un campo Location Name diseñado. • https://support.solarwinds.com/SuccessCenter/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •