Vulnerabilities > Solarwinds > WEB Help Desk

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-28987 Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
network
low complexity
solarwinds CWE-798
critical
 9.1
9.1
2024-08-13 CVE-2024-28986 Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
network
low complexity
solarwinds CWE-502
critical
 9.8
9.8
2022-03-10 CVE-2021-35251 Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk
Sensitive information could be displayed when a detailed technical error message is posted.
network
low complexity
solarwinds CWE-209
5.0
5.0
2021-12-23 CVE-2021-35243 Unspecified vulnerability in Solarwinds web Help Desk
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests.
network
low complexity
solarwinds
5.0
5.0
2021-08-26 CVE-2021-32076 Authentication Bypass by Spoofing vulnerability in Solarwinds web Help Desk
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2.
network
low complexity
solarwinds CWE-290
5.3
5.3
2021-01-15 CVE-2019-16961 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
network
solarwinds CWE-79
3.5
3.5
2021-01-06 CVE-2019-16954 Injection vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
network
solarwinds CWE-74
4.9
4.9
2021-01-04 CVE-2019-16960 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
network
solarwinds CWE-79
3.5
3.5
2021-01-04 CVE-2019-16956 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
network
solarwinds CWE-79
3.5
3.5