CVSS: 9.4EPSS: 94%CPEs: 2EXPL: 6CVE-2024-28987 – SolarWinds Web Help Desk Hardcoded Credential Vulnerability
https://notcve.org/view.php?id=CVE-2024-28987
21 Aug 2024 — The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. • https://github.com/fa-rrel/CVE-2024-28987-POC • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 21%CPEs: 2EXPL: 0CVE-2024-28986 – SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2024-28986
13 Aug 2024 — SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. SolarWinds Web Help Desk was found to be sus... • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35254 – Authenticated Remote Code Execution in WebHelpDesk 12.7.8
https://notcve.org/view.php?id=CVE-2021-35254
25 Mar 2022 — SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. SolarWinds recibió un informe de una vulnerabilidad relacionada con una entrada que no estaba saneada en WebHelpDesk. SolarWinds ha eliminado este campo de entrada para evitar el uso indebido de esta entrada en el futuro • https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35232 – Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
https://notcve.org/view.php?id=CVE-2021-35232
27 Dec 2021 — Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. Se han detectado credenciales embebidas en el producto SolarWinds Web Help Desk. Mediante estas credenciales, el atacante con acceso local a la máquina anfitriona de Web H... • https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16959
https://notcve.org/view.php?id=CVE-2019-16959
21 Dec 2020 — SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. SolarWinds Web Help Desk versión 12.7.0, permite una inyección CSV, también se conoce como Inyección de Fórmula, por medio de un archivo adjunto a un ticket • https://support.solarwinds.com/SuccessCenter/s • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 1%CPEs: 1EXPL: 1CVE-2019-16955
https://notcve.org/view.php?id=CVE-2019-16955
18 Dec 2020 — SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio de un documento SVG cargado en una petición • https://support.solarwinds.com/SuccessCenter/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 1CVE-2019-16957
https://notcve.org/view.php?id=CVE-2019-16957
18 Dec 2020 — SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. SolarWinds Web Help Desk versión 12.7.0, permite un ataque de tipo XSS por medio del campo Name de una Cuenta de Usuario • https://support.solarwinds.com/SuccessCenter/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20002
https://notcve.org/view.php?id=CVE-2019-20002
27 Apr 2020 — Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. Una Injection de Formula existe en la funcionalidad de exportación en SolarWinds WebHelpDesk versión 12.7.1, mediante un valor (proporcionado por un usuario poco privilegiado en el campo Subject de un formulario de petición de ayuda) que se maneja inapropiad... • https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •