Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for WebHelpDesk by SolarWinds
CVE-2021-35254 (GCVE-0-2021-35254)
Vulnerability from cvelistv5 – Published: 2022-03-25 18:02 – Updated: 2024-08-04 00:33
VLAI
Title
Authenticated Remote Code Execution in WebHelpDesk 12.7.8
Summary
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
Severity
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ar… | x_refsource_MISC |
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | WebHelpDesk |
Affected:
12.7.8 and previous versions , < 12.7.8 HF 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebHelpDesk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.8 HF 1",
"status": "affected",
"version": "12.7.8 and previous versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-25T18:02:27.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk (WHD 12.7.8 HF 1)."
}
],
"source": {
"defect": [
"CVE-2021-35254"
],
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in WebHelpDesk 12.7.8",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"ID": "CVE-2021-35254",
"STATE": "PUBLIC",
"TITLE": "Authenticated Remote Code Execution in WebHelpDesk 12.7.8"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebHelpDesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.8 and previous versions",
"version_value": "12.7.8 HF 1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk (WHD 12.7.8 HF 1)."
}
],
"source": {
"defect": [
"CVE-2021-35254"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35254",
"datePublished": "2022-03-25T18:02:27.000Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:33:51.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35232 (GCVE-0-2021-35232)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-09-17 03:44
VLAI
Title
Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
Summary
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
Severity
6.8 (Medium)
CWE
- CWE-798 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
| https://support.solarwinds.com/SuccessCenter/s/ar… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.7.7 and previous versions , < 12.7.7 HF 1
(custom)
|
Date Public
2021-12-21 16:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.7 HF 1",
"status": "affected",
"version": "12.7.7 and previous versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shubham Shah"
}
],
"datePublic": "2021-12-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\u003c/p\u003e"
}
],
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T20:30:17.665Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available.\u003c/p\u003e"
}
],
"value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35232"
],
"discovery": "EXTERNAL"
},
"title": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-12-22T15:45:00.000Z",
"ID": "CVE-2021-35232",
"STATE": "PUBLIC",
"TITLE": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.7 and previous versions",
"version_value": "12.7.7 HF 1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Shubham Shah"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35232"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35232",
"datePublished": "2021-12-27T18:48:18.158Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:44:02.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16959 (GCVE-0-2019-16959)
Vulnerability from cvelistv5 – Published: 2020-12-21 15:13 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/formula-injection-vulne… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T15:13:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16959",
"datePublished": "2020-12-21T15:13:21.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16955 (GCVE-0-2019-16955)
Vulnerability from cvelistv5 – Published: 2020-12-18 08:55 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/cross-site-scripting-vi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T08:55:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16955",
"datePublished": "2020-12-18T08:55:56.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16957 (GCVE-0-2019-16957)
Vulnerability from cvelistv5 – Published: 2020-12-18 08:53 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/cross-site-scripting-vu… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T08:53:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16957",
"datePublished": "2020-12-18T08:53:24.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20002 (GCVE-0-2019-20002)
Vulnerability from cvelistv5 – Published: 2020-04-27 14:29 – Updated: 2024-08-05 02:32
VLAI
Summary
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://medium.com/%40ayaan.saikia91/formula-inje… | x_refsource_MISC |
Date Public
2020-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T14:29:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1",
"refsource": "MISC",
"url": "https://medium.com/@ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20002",
"datePublished": "2020-04-27T14:29:28.000Z",
"dateReserved": "2019-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35254 (GCVE-0-2021-35254)
Vulnerability from nvd – Published: 2022-03-25 18:02 – Updated: 2024-08-04 00:33
VLAI
Title
Authenticated Remote Code Execution in WebHelpDesk 12.7.8
Summary
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
Severity
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ar… | x_refsource_MISC |
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | WebHelpDesk |
Affected:
12.7.8 and previous versions , < 12.7.8 HF 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebHelpDesk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.8 HF 1",
"status": "affected",
"version": "12.7.8 and previous versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-25T18:02:27.000Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk (WHD 12.7.8 HF 1)."
}
],
"source": {
"defect": [
"CVE-2021-35254"
],
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Code Execution in WebHelpDesk 12.7.8",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"ID": "CVE-2021-35254",
"STATE": "PUBLIC",
"TITLE": "Authenticated Remote Code Execution in WebHelpDesk 12.7.8"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebHelpDesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.8 and previous versions",
"version_value": "12.7.8 HF 1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-8-Hotfix-1-Release-Notes?language=en_US"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35254"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk (WHD 12.7.8 HF 1)."
}
],
"source": {
"defect": [
"CVE-2021-35254"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35254",
"datePublished": "2022-03-25T18:02:27.000Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:33:51.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35232 (GCVE-0-2021-35232)
Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-09-17 03:44
VLAI
Title
Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
Summary
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
Severity
6.8 (Medium)
CWE
- CWE-798 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.solarwinds.com/trust-center/security-… | x_refsource_MISC |
| https://support.solarwinds.com/SuccessCenter/s/ar… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.7.7 and previous versions , < 12.7.7 HF 1
(custom)
|
Date Public
2021-12-21 16:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.7 HF 1",
"status": "affected",
"version": "12.7.7 and previous versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shubham Shah"
}
],
"datePublic": "2021-12-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.\u003c/p\u003e"
}
],
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T20:30:17.665Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available.\u003c/p\u003e"
}
],
"value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35232"
],
"discovery": "EXTERNAL"
},
"title": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-12-22T15:45:00.000Z",
"ID": "CVE-2021-35232",
"STATE": "PUBLIC",
"TITLE": "Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.7 and previous versions",
"version_value": "12.7.7 HF 1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Shubham Shah"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35232"
},
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises the customers to upgrade to the latest Web Help Desk 12.7.7 Hotfix 1 product release once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35232"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35232",
"datePublished": "2021-12-27T18:48:18.158Z",
"dateReserved": "2021-06-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:44:02.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16959 (GCVE-0-2019-16959)
Vulnerability from nvd – Published: 2020-12-21 15:13 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/formula-injection-vulne… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-21T15:13:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16959",
"datePublished": "2020-12-21T15:13:21.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16955 (GCVE-0-2019-16955)
Vulnerability from nvd – Published: 2020-12-18 08:55 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/cross-site-scripting-vi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T08:55:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16955",
"datePublished": "2020-12-18T08:55:56.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16957 (GCVE-0-2019-16957)
Vulnerability from nvd – Published: 2020-12-18 08:53 – Updated: 2024-08-05 01:24
VLAI
Summary
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.solarwinds.com/SuccessCenter/s/ | x_refsource_MISC |
| https://www.solarwinds.com/free-tools/free-help-d… | x_refsource_MISC |
| https://www.esecforte.com/cross-site-scripting-vu… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T08:53:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/"
},
{
"name": "https://www.solarwinds.com/free-tools/free-help-desk-software",
"refsource": "MISC",
"url": "https://www.solarwinds.com/free-tools/free-help-desk-software"
},
{
"name": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/",
"refsource": "MISC",
"url": "https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16957",
"datePublished": "2020-12-18T08:53:24.000Z",
"dateReserved": "2019-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20002 (GCVE-0-2019-20002)
Vulnerability from nvd – Published: 2020-04-27 14:29 – Updated: 2024-08-05 02:32
VLAI
Summary
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://medium.com/%40ayaan.saikia91/formula-inje… | x_refsource_MISC |
Date Public
2020-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T14:29:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1",
"refsource": "MISC",
"url": "https://medium.com/@ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20002",
"datePublished": "2020-04-27T14:29:28.000Z",
"dateReserved": "2019-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}