Lucene search

K
cvelistSolarWindsCVELIST:CVE-2024-28987
HistoryAug 21, 2024 - 9:17 p.m.

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability

2024-08-2121:17:23
CWE-798
SolarWinds
www.cve.org
9
solarwinds
web help desk
hardcoded credential
vulnerability
remote unauthenticated user
internal functionality
modify data

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.942

Percentile

99.2%

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Web Help Desk",
    "vendor": "SolarWinds",
    "versions": [
      {
        "status": "affected",
        "version": "12.8.3 Hotfix 1 and previous versions"
      }
    ]
  }
]

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.942

Percentile

99.2%