Lucene search

K
SolarwindsWeb Help Desk

11 matches found

CVE
CVE
added 2024/08/13 11:15 p.m.220 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it w...

9.8CVSS9.8AI score0.3262EPSS
CVE
CVE
added 2021/01/04 8:15 a.m.193 views

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.

5.4CVSS5.3AI score0.01934EPSS
CVE
CVE
added 2024/08/21 10:15 p.m.190 views

CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

9.1CVSS9.3AI score0.94221EPSS
CVE
CVE
added 2022/03/10 5:42 p.m.76 views

CVE-2021-35251

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.

5.3CVSS5.1AI score0.00722EPSS
CVE
CVE
added 2021/01/04 8:15 a.m.67 views

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.

5.4CVSS5.1AI score0.01934EPSS
CVE
CVE
added 2024/12/10 9:15 a.m.62 views

CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.

5.5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2021/08/26 3:15 p.m.59 views

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP ...

5.3CVSS5.2AI score0.00478EPSS
CVE
CVE
added 2021/12/23 8:15 p.m.59 views

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the o...

7.5CVSS6.5AI score0.00462EPSS
CVE
CVE
added 2021/01/15 2:15 p.m.46 views

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

5.4CVSS5.2AI score0.02185EPSS
CVE
CVE
added 2025/02/11 8:15 a.m.38 views

CVE-2024-28989

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

5.5CVSS5.2AI score0.00037EPSS
CVE
CVE
added 2021/01/06 5:15 p.m.29 views

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.

5.4CVSS5.6AI score0.01433EPSS