Lucene search
K
SolarwindsWebhelpdesk

6 matches found

CVE
CVE
added 2022/03/25 6:2 p.m.95 views

CVE-2021-35254

CVE-2021-35254 affects SolarWinds WebHelpDesk (12.7.8 and earlier). The issue stems from an input that was not sanitized/validated, enabling exploitation. Public records describe this as an authenticated remote code execution risk. SolarWinds mitigated by removing the vulnerable input field to pr...

8.8CVSS8.5AI score0.00974EPSS
CVE
CVE
added 2021/12/27 6:48 p.m.77 views

CVE-2021-35232

CVE-2021-35232 affects SolarWinds Web Help Desk versions up to and including 12.7.6. It arises from hard-coded credentials that permit a local attacker with access to the Web Help Desk host to execute arbitrary HQL queries against the database, enabling theft of user password hashes or insertion ...

6.8CVSS6.6AI score0.003EPSS
In wild
CVE
CVE
added 2020/12/18 8:53 a.m.67 views

CVE-2019-16957

SolarWinds Web Help Desk 12.7.0 is affected by a Cross‑Site Scripting (XSS) vulnerability that can be triggered via the First Name field of a User Account. The issue is documented in CVE-2019-16957 and is consistently described across multiple feeds (NVD, Red Hat, CNVD, CVE lists). The connected ...

5.4CVSS5.2AI score0.0147EPSS
CVE
CVE
added 2020/12/18 8:55 a.m.65 views

CVE-2019-16955

CVE-2019-16955 affects SolarWinds Web Help Desk 12.7.0 and is a cross-site scripting (XSS) vulnerability triggered by an uploaded SVG document in a request. The root cause is improper handling of SVG uploads leading to script injection. Public documents (NVD, Red Hat, CNVD) confirm the issue; no ...

5.4CVSS5.2AI score0.01656EPSS
CVE
CVE
added 2020/12/21 3:13 p.m.50 views

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 is affected by a CSV Injection (Formula Injection) vulnerability via a file attached to a ticket. The issue is described consistently across sources (CVE-2019-16959, Red Hat CVE page, NVD record). The exact root cause is not elaborated beyond the CSV/Formula Inject...

6.5CVSS6.4AI score0.0163EPSS
CVE
CVE
added 2020/04/27 2:29 p.m.46 views

CVE-2019-20002

SolarWinds WebHelpDesk 12.7.1 contains a Formula Injection vulnerability in the export feature. A low-privileged user can provide a value in the Subject field of a help request form, which is mishandled during a TSV export performed by an admin user via TicketActions/view?tab=group. This leads to...

7.8CVSS7.7AI score0.01259EPSS
Web