Vulnerabilities > Solarwinds > WEB Help Desk > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2024-28989 Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
local
low complexity
solarwinds CWE-798
5.5
5.5
2024-12-10 CVE-2024-45709 Path Traversal vulnerability in Solarwinds web Help Desk
SolarWinds Web Help Desk was susceptible to a local file read vulnerability.
local
low complexity
solarwinds CWE-22
5.5
5.5
2022-03-10 CVE-2021-35251 Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk
Sensitive information could be displayed when a detailed technical error message is posted.
network
low complexity
solarwinds CWE-209
5.3
5.3
2021-08-26 CVE-2021-32076 Authentication Bypass by Spoofing vulnerability in Solarwinds web Help Desk
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2.
network
low complexity
solarwinds CWE-290
5.3
5.3
2021-01-15 CVE-2019-16961 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-06 CVE-2019-16954 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-04 CVE-2019-16960 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-01-04 CVE-2019-16956 Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
network
low complexity
solarwinds CWE-79
5.4
5.4