Lucene search
K
SolarwindsWeb Help Desk

21 matches found

CVE
CVE
added 2024/08/13 10:6 p.m.276 views

CVE-2024-28986

SolarWinds Web Help Desk

9.8CVSS9.8AI score0.84628EPSS
In wild
CVE
CVE
added 2024/08/21 9:17 p.m.270 views

CVE-2024-28987

SolarWinds Web Help Desk (WHD) is affected by a hardcoded credential vulnerability that allows remote, unauthenticated access to internal functionality and data modification. Affected versions are WHD

9.1CVSS9.3AI score0.93299EPSS
In wildWeb
CVE
CVE
added 2021/01/04 7:56 a.m.206 views

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 is affected by a Cross‑Site Scripting (XSS) vulnerability exploitable via the Request Type parameter in a ticket. The connected sources confirm the affected product and vulnerability class but do not provide exploit details, affected versions beyond 12.7.0, or a re...

5.4CVSS5.3AI score0.0171EPSS
CVE
CVE
added 2022/03/09 3:38 p.m.90 views

CVE-2021-35251

CVE-2021-35251 affects SolarWinds Web Help Desk. The issue is information disclosure caused by detailed error messages that can reveal environmental details of the installation. Connected sources indicate a public remediation path via WHD 12-7-8 release notes (patch/update). Explicit exploitation...

5.3CVSS5.1AI score0.00934EPSS
CVE
CVE
added 2021/01/04 8:0 a.m.79 views

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via a crafted CSV template file, using a manipulated Location Name field. The connected Red Hat and CNVD entries corroborate the vulnerability description and refer to the same CVE-2019...

5.4CVSS5.1AI score0.01331EPSS
CVE
CVE
added 2021/08/26 2:53 p.m.78 views

CVE-2021-32076

SolarWinds Web Help Desk 12.7.2 is affected by an Access Restriction Bypass via referrer spoof. An attacker can reach the Web Help Desk Getting Started Wizard, including the admin account creation page, by intercepting an HTTP request and changing the referrer from the public IP to the loopback, ...

5.3CVSS5.2AI score0.01172EPSS
CVE
CVE
added 2021/12/23 7:48 p.m.78 views

CVE-2021-35243

The CVE-2021-35243 entry is associated with SolarWinds Web Help Desk (versions 12.7.7 and earlier). The vulnerability arises from HTTP PUT and DELETE methods being enabled on the web server, enabling users to issue potentially dangerous requests. According to the NVD description, improper use of ...

7.5CVSS6.5AI score0.009EPSS
CVE
CVE
added 2024/12/10 8:20 a.m.75 views

CVE-2024-45709

CVE-2024-45709 affects SolarWinds Web Help Desk. The vulnerability is a local file read flaw that requires the product to be installed on Linux and configured to use a non-default development/test mode, which limits exposure. The available sources do not specify affected versions (beyond the Linu...

5.5CVSS5.1AI score0.00498EPSS
CVE
CVE
added 2021/01/15 1:28 p.m.55 views

CVE-2019-16961

CVE-2019-16961 affects SolarWinds Web Help Desk 12.7.0 and is a cross-site scripting (XSS) vulnerability exploitable via a Schedule Name. The connected Red Hat/CNVD/NVD entries corroborate the same issue. The NVD metrics list a CVSS v3.1 base score of 5.4 (MEDIUM) with network attack vector, low ...

5.4CVSS5.2AI score0.0147EPSS
CVE
CVE
added 2025/09/23 5:7 a.m.54 views

CVE-2025-26399

SolarWinds Web Help Desk (WHD) is affected by CVE-2025-26399, an unauthenticated AjaxProxy deserialization vulnerability that enables remote code execution. This is a patch bypass of CVE-2024-28988 (and 2024-28986). In-the-wild activity and security guidance from Microsoft indicate unauthenticate...

9.8CVSS8AI score0.8833EPSS
In wild
CVE
CVE
added 2025/02/11 7:13 a.m.51 views

CVE-2024-28989

CVE-2024-28989 affects SolarWinds Web Help Desk prior to version 12.8.5. The issue stems from a hardcoded cryptographic key, enabling disclosure of sensitive information (confidentiality impact HIGH) via a local attack with low privileges and no user interaction required. Remediation is to upgrad...

5.5CVSS5.2AI score0.00279EPSS
CVE
CVE
added 2026/01/28 7:33 a.m.47 views

CVE-2025-40551

SolarWinds Web Help Desk (before 2026.1) contains an untrusted data deserialization vulnerability in the jabsorb JSON-RPC library (CVE-2025-40551) that can lead to unauthenticated remote code execution. Public reports describe exploitation chains including JNDI injection when combined with other ...

9.8CVSS6.2AI score0.8413EPSS
In wild
CVE
CVE
added 2026/01/28 7:36 a.m.45 views

CVE-2025-40554

Summary of CVE-2025-40554 (SolarWinds Web Help Desk) : The vulnerability is an authentication bypass in the WebObjects session handling of SolarWinds Web Help Desk (affecting 12.8.8 HF1 and earlier). An unauthenticated attacker can craft a request to an internal admin page endpoint and bypass aut...

9.8CVSS5.8AI score0.58447EPSS
In wild
CVE
CVE
added 2021/01/06 4:53 p.m.39 views

CVE-2019-16954

CVE-2019-16954 affects SolarWinds Web Help Desk 12.7.0 with an HTML injection vulnerability via the Comment in a Help Request ticket. The provided connected documents indicate the flaw is caused by accepting user input in a Comment and injecting it into HTML, but do not provide explicit exploit s...

5.4CVSS5.6AI score0.01327EPSS
CVE
CVE
added 2026/01/28 7:30 a.m.33 views

CVE-2025-40536

CVE-2025-40536 relates to SolarWinds Web Help Desk and is described in connected sources as a security control bypass that could allow an unauthenticated attacker to access certain restricted functionality. The KEV/KEA entries note active exploitation risk, and a Metasploit module documents an un...

9.8CVSS5.9AI score0.81624EPSS
In wild
CVE
CVE
added 2026/06/02 7:31 p.m.32 views

CVE-2026-28299

The CVE-2026-28299 entry concerns SolarWinds Web Help Desk with a denial-of-service vulnerability that could cause the server to crash due to insufficient memory. Connected sources confirm the issue and provide CVSS:3.1 base score 8.2 (HIGH) with Network attack vector, low attack complexity, no p...

8.2CVSS5.8AI score0.00417EPSS
CVE
CVE
added 2025/09/01 9:18 p.m.29 views

CVE-2024-28988

SolarWinds Web Help Desk is affected by a Java deserialization Remote Code Execution flaw that could allow unauthenticated remote commands on the host. Root cause appears to be insecure deserialization in the Web Help Desk component. The vulnerability is addressed by upgrading to 12.8.3 with Hotf...

9.8CVSS7AI score0.36619EPSS
In wild
CVE
CVE
added 2026/01/28 7:31 a.m.24 views

CVE-2025-40537

SolarWinds Web Help Desk (WHD) is affected by CVE-2025-40537, a hard-coded credentials vulnerability that could allow access to administrative functions. The issue is addressed in WHD version 2026.1 (fixes for multiple WHD flaws, including 40537). The CVE is discussed alongside related WHD flaws ...

7.5CVSS5.8AI score0.00534EPSS
CVE
CVE
added 2026/01/28 7:34 a.m.22 views

CVE-2025-40552

CVE-2025-40552 affects SolarWinds Web Help Desk. It is an authentication bypass vulnerability in WHD that could allow an attacker to execute actions and methods that should be protected by authentication. Connected sources also note related high-severity flaws in the same product family (e.g., CV...

9.8CVSS5.9AI score0.49734EPSS
CVE
CVE
added 2025/07/29 8:7 a.m.20 views

CVE-2025-26400

CVE-2025-26400 affects SolarWinds Web Help Desk. XXE vulnerability could lead to information disclosure; exploitation requires valid, low-privilege access unless the attacker has local server access to modify config files. Connected sources indicate affected versions before 12.8.7; remediation is...

6.5CVSS6.2AI score0.00263EPSS
CVE
CVE
added 2026/01/28 7:35 a.m.17 views

CVE-2025-40553

CVE-2025-40553 affects SolarWinds Web Help Desk. The vulnerability is an untrusted data deserialization flaw that could lead to remote code execution and can be exploited without authentication. Fixed in WHD 2026.1; users should apply the latest update to mitigate. The connected sources also refe...

9.8CVSS6.2AI score0.6039EPSS