Solarwinds: >> Web Help Desk >> 12.7.12 Security Vulnerabilities
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-11
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-10
CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Known exploited
CVSS Score
9.1
EPSS Score
0.942
Published
2024-08-21
CVE-2024-28986
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Known exploited
CVSS Score
9.8
EPSS Score
0.326
Published
2024-08-13