
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability

2024-08-21 21:17:23
CWE-798
SolarWinds
github.com
7
solarwinds
hardcoded credential
vulnerability
remote access
unauthenticated user
internal functionality
data modification

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.1
Confidence: Low

EPSS: 0.942
Percentile: 99.2%

SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "webhelpdesk",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "12.8.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]
