21 matches found
CVE-2024-28986
SolarWinds Web Help Desk
CVE-2024-28987
SolarWinds Web Help Desk (WHD) is affected by a hardcoded credential vulnerability that allows remote, unauthenticated access to internal functionality and data modification. Affected versions are WHD
CVE-2019-16956
SolarWinds Web Help Desk 12.7.0 is affected by a Cross‑Site Scripting (XSS) vulnerability exploitable via the Request Type parameter in a ticket. The connected sources confirm the affected product and vulnerability class but do not provide exploit details, affected versions beyond 12.7.0, or a re...
CVE-2021-35251
CVE-2021-35251 affects SolarWinds Web Help Desk. The issue is information disclosure caused by detailed error messages that can reveal environmental details of the installation. Connected sources indicate a public remediation path via WHD 12-7-8 release notes (patch/update). Explicit exploitation...
CVE-2019-16960
SolarWinds Web Help Desk 12.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via a crafted CSV template file, using a manipulated Location Name field. The connected Red Hat and CNVD entries corroborate the vulnerability description and refer to the same CVE-2019...
CVE-2021-32076
SolarWinds Web Help Desk 12.7.2 is affected by an Access Restriction Bypass via referrer spoof. An attacker can reach the Web Help Desk Getting Started Wizard, including the admin account creation page, by intercepting an HTTP request and changing the referrer from the public IP to the loopback, ...
CVE-2021-35243
The CVE-2021-35243 entry is associated with SolarWinds Web Help Desk (versions 12.7.7 and earlier). The vulnerability arises from HTTP PUT and DELETE methods being enabled on the web server, enabling users to issue potentially dangerous requests. According to the NVD description, improper use of ...
CVE-2024-45709
CVE-2024-45709 affects SolarWinds Web Help Desk. The vulnerability is a local file read flaw that requires the product to be installed on Linux and configured to use a non-default development/test mode, which limits exposure. The available sources do not specify affected versions (beyond the Linu...
CVE-2019-16961
CVE-2019-16961 affects SolarWinds Web Help Desk 12.7.0 and is a cross-site scripting (XSS) vulnerability exploitable via a Schedule Name. The connected Red Hat/CNVD/NVD entries corroborate the same issue. The NVD metrics list a CVSS v3.1 base score of 5.4 (MEDIUM) with network attack vector, low ...
CVE-2025-26399
SolarWinds Web Help Desk (WHD) is affected by CVE-2025-26399, an unauthenticated AjaxProxy deserialization vulnerability that enables remote code execution. This is a patch bypass of CVE-2024-28988 (and 2024-28986). In-the-wild activity and security guidance from Microsoft indicate unauthenticate...
CVE-2024-28989
CVE-2024-28989 affects SolarWinds Web Help Desk prior to version 12.8.5. The issue stems from a hardcoded cryptographic key, enabling disclosure of sensitive information (confidentiality impact HIGH) via a local attack with low privileges and no user interaction required. Remediation is to upgrad...
CVE-2025-40551
SolarWinds Web Help Desk (before 2026.1) contains an untrusted data deserialization vulnerability in the jabsorb JSON-RPC library (CVE-2025-40551) that can lead to unauthenticated remote code execution. Public reports describe exploitation chains including JNDI injection when combined with other ...
CVE-2025-40554
Summary of CVE-2025-40554 (SolarWinds Web Help Desk) : The vulnerability is an authentication bypass in the WebObjects session handling of SolarWinds Web Help Desk (affecting 12.8.8 HF1 and earlier). An unauthenticated attacker can craft a request to an internal admin page endpoint and bypass aut...
CVE-2019-16954
CVE-2019-16954 affects SolarWinds Web Help Desk 12.7.0 with an HTML injection vulnerability via the Comment in a Help Request ticket. The provided connected documents indicate the flaw is caused by accepting user input in a Comment and injecting it into HTML, but do not provide explicit exploit s...
CVE-2025-40536
CVE-2025-40536 relates to SolarWinds Web Help Desk and is described in connected sources as a security control bypass that could allow an unauthenticated attacker to access certain restricted functionality. The KEV/KEA entries note active exploitation risk, and a Metasploit module documents an un...
CVE-2026-28299
The CVE-2026-28299 entry concerns SolarWinds Web Help Desk with a denial-of-service vulnerability that could cause the server to crash due to insufficient memory. Connected sources confirm the issue and provide CVSS:3.1 base score 8.2 (HIGH) with Network attack vector, low attack complexity, no p...
CVE-2024-28988
SolarWinds Web Help Desk is affected by a Java deserialization Remote Code Execution flaw that could allow unauthenticated remote commands on the host. Root cause appears to be insecure deserialization in the Web Help Desk component. The vulnerability is addressed by upgrading to 12.8.3 with Hotf...
CVE-2025-40537
SolarWinds Web Help Desk (WHD) is affected by CVE-2025-40537, a hard-coded credentials vulnerability that could allow access to administrative functions. The issue is addressed in WHD version 2026.1 (fixes for multiple WHD flaws, including 40537). The CVE is discussed alongside related WHD flaws ...
CVE-2025-40552
CVE-2025-40552 affects SolarWinds Web Help Desk. It is an authentication bypass vulnerability in WHD that could allow an attacker to execute actions and methods that should be protected by authentication. Connected sources also note related high-severity flaws in the same product family (e.g., CV...
CVE-2025-26400
CVE-2025-26400 affects SolarWinds Web Help Desk. XXE vulnerability could lead to information disclosure; exploitation requires valid, low-privilege access unless the attacker has local server access to modify config files. Connected sources indicate affected versions before 12.8.7; remediation is...
CVE-2025-40553
CVE-2025-40553 affects SolarWinds Web Help Desk. The vulnerability is an untrusted data deserialization flaw that could lead to remote code execution and can be exploited without authentication. Fixed in WHD 2026.1; users should apply the latest update to mitigate. The connected sources also refe...