Search criteria
42 vulnerabilities found for web_help_desk by solarwinds
FKIE_CVE-2025-26399
Vulnerability from fkie_nvd - Published: 2025-09-23 05:15 - Updated: 2025-11-14 23:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: psirt@solarwinds.com)
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BAB832-25B8-4ED6-B209-759F4B470CCE",
"versionEndIncluding": "12.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B88A115F-EDE4-447D-A35B-902A4074824A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"id": "CVE-2025-26399",
"lastModified": "2025-11-14T23:41:16.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
},
"published": "2025-09-23T05:15:35.777",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28988
Vulnerability from fkie_nvd - Published: 2025-09-01 22:15 - Updated: 2025-11-14 23:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: psirt@solarwinds.com)
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.3 | |
| solarwinds | web_help_desk | 12.8.3 | |
| solarwinds | web_help_desk | 12.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5426A720-F345-4C8E-B5B5-76639D447A6D",
"versionEndIncluding": "12.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "DB6BE43D-5CCE-48BE-8A0A-378BBC265648",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"id": "CVE-2024-28988",
"lastModified": "2025-11-14T23:32:43.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
},
"published": "2025-09-01T22:15:30.070",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Broken Link"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-26400
Vulnerability from fkie_nvd - Published: 2025-07-29 08:15 - Updated: 2025-11-17 16:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. Valid low-privilege access is required unless the attacker has access to the local server to modify configuration files.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@solarwinds.com | https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm | Release Notes, Vendor Advisory | |
| psirt@solarwinds.com | https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE441DEF-EFE1-47A6-A542-40B493D72AEF",
"versionEndExcluding": "12.8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
},
{
"lang": "es",
"value": "Se inform\u00f3 que SolarWinds Web Help Desk se vio afectado por una vulnerabilidad de inyecci\u00f3n de entidades externas XML (XXE) que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. Se requiere un acceso v\u00e1lido con privilegios bajos, a menos que el atacante tuviera acceso al servidor local para modificar los archivos de configuraci\u00f3n."
}
],
"id": "CVE-2025-26400",
"lastModified": "2025-11-17T16:11:59.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-29T08:15:26.053",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28989
Vulnerability from fkie_nvd - Published: 2025-02-11 08:15 - Updated: 2025-02-25 17:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (source: psirt@solarwinds.com)
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E1FD47-7177-4F14-90BB-0A42EBC514E0",
"versionEndExcluding": "12.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Web Help Desk ten\u00eda una clave criptogr\u00e1fica codificada que podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n confidencial del software."
}
],
"id": "CVE-2024-28989",
"lastModified": "2025-02-25T17:36:29.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T08:15:30.787",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-45709
Vulnerability from fkie_nvd - Published: 2024-12-10 09:15 - Updated: 2025-02-25 17:20
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software to be installed on Linux and configured to use the non-default development/test mode, making exposure to the vulnerability very limited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6942AFC4-2547-43B4-9FBC-D10690379691",
"versionEndExcluding": "12.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited."
},
{
"lang": "es",
"value": "SolarWinds Web Help Desk era susceptible a una vulnerabilidad de lectura de archivos locales. Esta vulnerabilidad requiere que el software est\u00e9 instalado en Linux y configurado para utilizar un modo de desarrollo/prueba no predeterminado, lo que hace que la exposici\u00f3n a la vulnerabilidad sea muy limitada."
}
],
"id": "CVE-2024-45709",
"lastModified": "2025-02-25T17:20:37.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-10T09:15:06.013",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-4_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45709"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@solarwinds.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28987
Vulnerability from fkie_nvd - Published: 2024-08-21 22:15 - Updated: 2025-10-27 17:01
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.3 | |
| solarwinds | web_help_desk | 12.8.3 |
{
"cisaActionDue": "2024-11-05",
"cisaExploitAdd": "2024-10-15",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE3AF89-F0D2-4F3C-9565-F6DEA8B2BAC7",
"versionEndExcluding": "12.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data."
},
{
"lang": "es",
"value": "El software SolarWinds Web Help Desk (WHD) se ve afectado por una vulnerabilidad de credencial codificada, lo que permite a un usuario remoto no autenticado acceder a la funcionalidad interna y modificar datos."
}
],
"id": "CVE-2024-28987",
"lastModified": "2025-10-27T17:01:42.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-21T22:15:04.350",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-28986
Vulnerability from fkie_nvd - Published: 2024-08-13 23:15 - Updated: 2025-10-27 17:01
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (source: psirt@solarwinds.com)
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * | |
| solarwinds | web_help_desk | 12.8.3 |
{
"cisaActionDue": "2024-09-05",
"cisaExploitAdd": "2024-08-15",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5426A720-F345-4C8E-B5B5-76639D447A6D",
"versionEndIncluding": "12.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. \n\nWhile it was reported as an unauthenticated\u00a0vulnerability, SolarWinds has been unable to reproduce it\u00a0without authentication\u00a0after thorough testing. \u00a0\n\nHowever, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que SolarWinds Web Help Desk era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de deserializaci\u00f3n de Java que, si se explota, permitir\u00eda a un atacante ejecutar comandos en la m\u00e1quina host. Si bien se inform\u00f3 como una vulnerabilidad no autenticada, SolarWinds no pudo reproducirla sin autenticaci\u00f3n despu\u00e9s de pruebas exhaustivas. Sin embargo, por precauci\u00f3n, recomendamos a todos los clientes de Web Help Desk que apliquen el parche, que ya est\u00e1 disponible."
}
],
"id": "CVE-2024-28986",
"lastModified": "2025-10-27T17:01:47.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
},
"published": "2024-08-13T23:15:16.627",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory",
"Broken Link"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-35251
Vulnerability from fkie_nvd - Published: 2022-03-10 17:42 - Updated: 2024-11-21 06:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE1F962-7502-4DB4-AB9B-C559C572B74B",
"versionEndExcluding": "12.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation."
},
{
"lang": "es",
"value": "Podr\u00eda mostrarse informaci\u00f3n confidencial cuando es publicado un mensaje de error t\u00e9cnico detallado. Esta informaci\u00f3n podr\u00eda revelar detalles del entorno de la instalaci\u00f3n del servicio de asistencia web"
}
],
"id": "CVE-2021-35251",
"lastModified": "2024-11-21T06:12:09.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:42:38.523",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-35243
Vulnerability from fkie_nvd - Published: 2021-12-23 20:15 - Updated: 2024-11-21 06:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D41CAE30-00B6-4F9F-95AD-42F02E9E9CF8",
"versionEndIncluding": "12.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
},
{
"lang": "es",
"value": "Los m\u00e9todos HTTP PUT y DELETE fueron habilitados en el servidor web de Web Help Desk (12.7.7 y anteriores), permitiendo a los usuarios ejecutar peticiones HTTP peligrosas. El m\u00e9todo HTTP PUT se utiliza normalmente para cargar datos que se guardan en el servidor con una URL proporcionada por el usuario. Mientras que el m\u00e9todo DELETE solicita que el servidor de origen elimine la asociaci\u00f3n entre el recurso de destino y su funcionalidad actual. El uso inadecuado de estos m\u00e9todos puede conducir a una p\u00e9rdida de integridad"
}
],
"id": "CVE-2021-35243",
"lastModified": "2024-11-21T06:12:08.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T20:15:11.480",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
},
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32076
Vulnerability from fkie_nvd - Published: 2021-08-26 15:15 - Updated: 2024-11-21 06:06
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@solarwinds.com | https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 | Vendor Advisory | |
| nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/208278 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 | Vendor Advisory | |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solarwinds | web_help_desk | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD320EC-D33D-401B-96BF-0AE79432DDB3",
"versionEndIncluding": "12.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u0027Web Help Desk Getting Started Wizard\u0027, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
},
{
"lang": "es",
"value": "En SolarWinds Web Help Desk versi\u00f3n 12.7.2, se ha detectado una Omisi\u00f3n de Restricciones de Acceso por medio de una suplantaci\u00f3n de referencias. Un atacante puede acceder a \"Web Help Desk Getting Started Wizard\", especialmente a la p\u00e1gina de creaci\u00f3n de la cuenta de administrador, desde un rango de red de direcciones IP sin privilegios o una direcci\u00f3n de loopback al interceptar la petici\u00f3n HTTP y cambiando el referrer de la direcci\u00f3n IP p\u00fablica al loopback"
}
],
"id": "CVE-2021-32076",
"lastModified": "2024-11-21T06:06:48.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-26T15:15:06.993",
"references": [
{
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
],
"sourceIdentifier": "psirt@solarwinds.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "psirt@solarwinds.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-26399 (GCVE-0-2025-26399)
Vulnerability from cvelistv5 – Published: 2025-09-23 05:07 – Updated: 2025-09-24 03:55
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.7 and below | | |
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T03:55:11.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.7 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248: Untrusted Execution Flow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T05:07:14.702Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26399",
"datePublished": "2025-09-23T05:07:14.702Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-09-24T03:55:11.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28988 (GCVE-0-2024-28988)
Vulnerability from cvelistv5 – Published: 2025-09-01 21:18 – Updated: 2025-09-03 03:55
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 HF 2 and previous versions | | |
Credits
Guy Lederfein of Trend Micro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T03:55:24.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF 2 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Guy Lederfein of Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe recommend all Web Help Desk customers apply the patch, which is now available.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. \u0026nbsp; \u003c/p\u003e\u003c/div\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T21:18:58.626Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28988",
"datePublished": "2025-09-01T21:18:58.626Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-09-03T03:55:24.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26400 (GCVE-0-2025-26400)
Vulnerability from cvelistv5 – Published: 2025-07-29 08:07 – Updated: 2025-07-29 13:47
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. Valid low-privilege access is required unless the attacker has access to the local server to modify configuration files.
Severity ?
5.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.6 and previous versions | | |
Credits
DieuLink, Nhiephon, and chung96vn from GCSC Vietnam
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:47:11.601984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:47:18.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.6 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DieuLink, Nhiephon, and chung96vn from GCSC Vietnam"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 XML Entity Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T08:07:38.230Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26400",
"datePublished": "2025-07-29T08:07:38.230Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-07-29T13:47:18.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28989 (GCVE-0-2024-28989)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:13 – Updated: 2025-02-11 15:27
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Severity ?
5.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.4 and previous versions | | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:26:54.819240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:11.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.4 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191: Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:13:05.768Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk version 12.8.5.\u003c/span\u003e\n\n as soon as it becomes available.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds\u00a0\n\nWeb Help Desk version 12.8.5.\n\n as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Cryptographic Key Management Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28989",
"datePublished": "2025-02-11T07:13:05.768Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-02-11T15:27:11.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45709 (GCVE-0-2024-45709)
Vulnerability from cvelistv5 – Published: 2024-12-10 08:20 – Updated: 2024-12-10 19:53
Summary
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software to be installed on Linux and configured to use the non-default development/test mode, which makes exposure to the vulnerability very limited.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 HF3 and previous versions | | |
Credits
Harsh Jaiswal from Project Discovery
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:42:33.706276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:53:27.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF3 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Harsh Jaiswal from Project Discovery"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited."
}
],
"value": "SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T08:20:06.921Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45709"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-4_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds recommends customers upgrade to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.8.4 \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eas soon as it becomes available.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Web Help Desk 12.8.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Local File Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45709",
"datePublished": "2024-12-10T08:20:06.921Z",
"dateReserved": "2024-09-05T08:28:03.887Z",
"dateUpdated": "2024-12-10T19:53:27.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28987 (GCVE-0-2024-28987)
Vulnerability from cvelistv5 – Published: 2024-08-21 21:17 – Updated: 2025-10-21 22:55
Summary
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.
Severity ?
9.1 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 Hotfix 1 and previous versions | | |
Credits
Zach Hanley
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webhelpdesk",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28987",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T12:59:52.543547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:46.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00+00:00",
"value": "CVE-2024-28987 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-24T22:45:30.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 Hotfix 1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Zach Hanley"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T11:43:41.569Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987"
},
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28987",
"datePublished": "2024-08-21T21:17:23.041Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-10-21T22:55:46.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28986 (GCVE-0-2024-28986)
Vulnerability from cvelistv5 – Published: 2024-08-13 22:06 – Updated: 2025-10-21 22:55
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: previous versions, ≤ 12.8.3 (12.8.3) |
Credits
Inmarsat Government / Viasat
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "webhelpdesk",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28986",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T14:32:53.512984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-08-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:47.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-15T00:00:00+00:00",
"value": "CVE-2024-28986 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "previous versions",
"versionType": "12.8.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Inmarsat Government / Viasat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. \u003c/p\u003e\u003cp\u003eWhile it was reported as an \u003cem\u003eunauthenticated\u003c/em\u003e\u0026nbsp;vulnerability, SolarWinds has been \u003cem\u003eunable to reproduce it\u003c/em\u003e\u0026nbsp;\u003cem\u003ewithout authentication\u003c/em\u003e\u0026nbsp;after thorough testing. \u0026nbsp;\u003c/p\u003e\u003cp\u003eHowever, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. \u003c/p\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. \n\nWhile it was reported as an unauthenticated\u00a0vulnerability, SolarWinds has been unable to reproduce it\u00a0without authentication\u00a0after thorough testing. \u00a0\n\nHowever, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:53:10.914Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986"
},
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 1\u003cbr\u003e"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28986",
"datePublished": "2024-08-13T22:06:45.234Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-10-21T22:55:47.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35251 (GCVE-0-2021-35251)
Vulnerability from cvelistv5 – Published: 2022-03-09 15:38 – Updated: 2024-09-16 22:44
Summary
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.7.7 HF 1 and Previous Versions, < 12.7.8 (custom) |
Credits
SolarWinds would like to thank Anthony Meluso for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.8",
"status": "affected",
"version": "12.7.7 HF 1 and Previous Versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank for Anthony Meluso reporting this vulnerability."
}
],
"datePublic": "2022-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T15:38:01",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk\n(WHD 12.7.8)."
}
],
"source": {
"defect": [
"CVE-2021-35251"
],
"discovery": "USER"
},
"title": "Sensitive Data Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2022-03-07T20:53:00.000Z",
"ID": "CVE-2021-35251",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.7 HF 1 and Previous Versions",
"version_value": "12.7.8"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank for Anthony Meluso reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk\n(WHD 12.7.8)."
}
],
"source": {
"defect": [
"CVE-2021-35251"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35251",
"datePublished": "2022-03-09T15:38:01.677926Z",
"dateReserved": "2021-06-22T00:00:00",
"dateUpdated": "2024-09-16T22:44:56.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35243 (GCVE-0-2021-35243)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-09-16 17:18
Summary
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Severity ?
5.3 (Medium)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.7.7 and previous versions 12.7.7 HF1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.7.7 and previous versions 12.7.7 HF1"
}
]
}
],
"datePublic": "2021-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:19",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Affected customers are advised to upgrade to 12.7.7 Hotfix 1 once it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35243"
],
"discovery": "EXTERNAL"
},
"title": "HTTP PUT \u0026 DELETE Methods Enabled",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-12-22T14:30:00.000Z",
"ID": "CVE-2021-35243",
"STATE": "PUBLIC",
"TITLE": "HTTP PUT \u0026 DELETE Methods Enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "12.7.7 and previous versions",
"version_value": "12.7.7 HF1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "Affected customers are advised to upgrade to 12.7.7 Hotfix 1 once it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35243"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35243",
"datePublished": "2021-12-23T19:48:34.603987Z",
"dateReserved": "2021-06-22T00:00:00",
"dateUpdated": "2024-09-16T17:18:45.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32076 (GCVE-0-2021-32076)
Vulnerability from cvelistv5 – Published: 2021-08-26 14:53 – Updated: 2024-09-17 01:00
Summary
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Severity ?
5.3 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: unspecified, ≤ 12.7.5 (custom) |
Credits
SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "12.7.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."
}
],
"datePublic": "2021-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u0027Web Help Desk Getting Started Wizard\u0027, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T13:28:36",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."
}
],
"source": {
"defect": [
"CVE-2021-32076"
],
"discovery": "UNKNOWN"
},
"title": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-08-20T14:12:00.000Z",
"ID": "CVE-2021-32076",
"STATE": "PUBLIC",
"TITLE": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "12.7.5"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u0027Web Help Desk Getting Started Wizard\u0027, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."
}
],
"source": {
"defect": [
"CVE-2021-32076"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-32076",
"datePublished": "2021-08-26T14:53:25.774505Z",
"dateReserved": "2021-05-06T00:00:00",
"dateUpdated": "2024-09-17T01:00:44.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26399 (GCVE-0-2025-26399)
Vulnerability from nvd – Published: 2025-09-23 05:07 – Updated: 2025-09-24 03:55
Summary
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.7 and below |
Credits
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T03:55:11.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.7 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248: Untrusted Execution Flow"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T05:07:14.702Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"value": "SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26399",
"datePublished": "2025-09-23T05:07:14.702Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-09-24T03:55:11.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28988 (GCVE-0-2024-28988)
Vulnerability from nvd – Published: 2025-09-01 21:18 – Updated: 2025-09-03 03:55
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.
We recommend all Web Help Desk customers apply the patch, which is now available.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 HF 2 and previous versions |
Credits
Guy Lederfein of Trend Micro
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T03:55:24.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF 2 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Guy Lederfein of Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe recommend all Web Help Desk customers apply the patch, which is now available.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. \u0026nbsp; \u003c/p\u003e\u003c/div\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T21:18:58.626Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28988",
"datePublished": "2025-09-01T21:18:58.626Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-09-03T03:55:24.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26400 (GCVE-0-2025-26400)
Vulnerability from nvd – Published: 2025-07-29 08:07 – Updated: 2025-07-29 13:47
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. Valid low-privilege access is required, unless the attacker has access to the local server to modify configuration files.
Severity ?
5.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.6 and previous versions |
Credits
DieuLink, Nhiephon, and chung96vn from GCSC Vietnam
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:47:11.601984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:47:18.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.6 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "DieuLink, Nhiephon, and chung96vn from GCSC Vietnam"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 XML Entity Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T08:07:38.230Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to Web Help Desk version 12.8.7 as soon as is practical."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26400",
"datePublished": "2025-07-29T08:07:38.230Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2025-07-29T13:47:18.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28989 (GCVE-0-2024-28989)
Vulnerability from nvd – Published: 2025-02-11 07:13 – Updated: 2025-02-11 15:27
Summary
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Severity ?
5.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.4 and previous versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:26:54.819240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:11.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.4 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"value": "SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191: Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:13:05.768Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk version 12.8.5.\u003c/span\u003e\n\n as soon as it becomes available.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds\u00a0\n\nWeb Help Desk version 12.8.5.\n\n as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Cryptographic Key Management Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28989",
"datePublished": "2025-02-11T07:13:05.768Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-02-11T15:27:11.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45709 (GCVE-0-2024-45709)
Vulnerability from nvd – Published: 2024-12-10 08:20 – Updated: 2024-12-10 19:53
Summary
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software to be installed on Linux and configured to use the non-default development/test mode, which makes exposure to the vulnerability very limited.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 HF3 and previous versions |
Credits
Harsh Jaiswal from Project Discovery
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:42:33.706276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:53:27.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 HF3 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Harsh Jaiswal from Project Discovery"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited."
}
],
"value": "SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T08:20:06.921Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45709"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-4_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds recommends customers upgrade to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeb Help Desk\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.8.4 \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eas soon as it becomes available.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Web Help Desk 12.8.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Local File Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45709",
"datePublished": "2024-12-10T08:20:06.921Z",
"dateReserved": "2024-09-05T08:28:03.887Z",
"dateUpdated": "2024-12-10T19:53:27.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28987 (GCVE-0-2024-28987)
Vulnerability from nvd – Published: 2024-08-21 21:17 – Updated: 2025-10-21 22:55
Summary
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.
Severity ?
9.1 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.8.3 Hotfix 1 and previous versions |
Credits
Zach Hanley
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webhelpdesk",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28987",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T12:59:52.543547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:46.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00+00:00",
"value": "CVE-2024-28987 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-24T22:45:30.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.8.3 Hotfix 1 and previous versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Zach Hanley"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T11:43:41.569Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987"
},
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28987",
"datePublished": "2024-08-21T21:17:23.041Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-10-21T22:55:46.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28986 (GCVE-0-2024-28986)
Vulnerability from nvd – Published: 2024-08-13 22:06 – Updated: 2025-10-21 22:55
Summary
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: previous versions, ≤ 12.8.3 (12.8.3) |
Credits
Inmarsat Government / Viasat
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "webhelpdesk",
"vendor": "solarwinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28986",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T14:32:53.512984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-08-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:47.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-15T00:00:00+00:00",
"value": "CVE-2024-28986 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "12.8.3",
"status": "affected",
"version": "previous versions",
"versionType": "12.8.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Inmarsat Government / Viasat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. \u003c/p\u003e\u003cp\u003eWhile it was reported as an \u003cem\u003eunauthenticated\u003c/em\u003e\u0026nbsp;vulnerability, SolarWinds has been \u003cem\u003eunable to reproduce it\u003c/em\u003e\u0026nbsp;\u003cem\u003ewithout authentication\u003c/em\u003e\u0026nbsp;after thorough testing. \u0026nbsp;\u003c/p\u003e\u003cp\u003eHowever, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. \u003c/p\u003e"
}
],
"value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. \n\nWhile it was reported as an unauthenticated\u00a0vulnerability, SolarWinds has been unable to reproduce it\u00a0without authentication\u00a0after thorough testing. \u00a0\n\nHowever, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:53:10.914Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986"
},
{
"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 1\u003cbr\u003e"
}
],
"value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-28986",
"datePublished": "2024-08-13T22:06:45.234Z",
"dateReserved": "2024-03-13T20:27:09.782Z",
"dateUpdated": "2025-10-21T22:55:47.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35251 (GCVE-0-2021-35251)
Vulnerability from nvd – Published: 2022-03-09 15:38 – Updated: 2024-09-16 22:44
Summary
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
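| URL | Tags |
|---|---|
| https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251 | x_refsource_MISC |
| https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm | x_refsource_MISC |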
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SolarWinds | Web Help Desk | Affected: 12.7.7 HF 1 and Previous Versions, < 12.7.8 (custom) |
Credits
SolarWinds would like to thank Anthony Meluso for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "12.7.8",
"status": "affected",
"version": "12.7.7 HF 1 and Previous Versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank for Anthony Meluso reporting this vulnerability."
}
],
"datePublic": "2022-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T15:38:01",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk\n(WHD 12.7.8)."
}
],
"source": {
"defect": [
"CVE-2021-35251"
],
"discovery": "USER"
},
"title": "Sensitive Data Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2022-03-07T20:53:00.000Z",
"ID": "CVE-2021-35251",
"STATE": "PUBLIC",
"TITLE": "Sensitive Data Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.7.7 HF 1 and Previous Versions",
"version_value": "12.7.8"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank for Anthony Meluso reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35251"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-7-8_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises to upgrade to the latest version of Web Help Desk\n(WHD 12.7.8)."
}
],
"source": {
"defect": [
"CVE-2021-35251"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35251",
"datePublished": "2022-03-09T15:38:01.677926Z",
"dateReserved": "2021-06-22T00:00:00",
"dateUpdated": "2024-09-16T22:44:56.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35243 (GCVE-0-2021-35243)
Vulnerability from nvd – Published: 2021-12-23 19:48 – Updated: 2024-09-16 17:18
Summary
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Severity ?
5.3 (Medium)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
12.7.7 and previous versions (12.7.7 HF1 is the fixed release, per the record's solution text)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.7.7 and previous versions 12.7.7 HF1"
}
]
}
],
"datePublic": "2021-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:19",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Affected customers are advised to upgrade to 12.7.7 Hotfix 1 once it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35243"
],
"discovery": "EXTERNAL"
},
"title": "HTTP PUT \u0026 DELETE Methods Enabled",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-12-22T14:30:00.000Z",
"ID": "CVE-2021-35243",
"STATE": "PUBLIC",
"TITLE": "HTTP PUT \u0026 DELETE Methods Enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "12.7.7 and previous versions",
"version_value": "12.7.7 HF1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243"
},
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US",
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "Affected customers are advised to upgrade to 12.7.7 Hotfix 1 once it becomes available."
}
],
"source": {
"defect": [
"CVE-2021-35243"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35243",
"datePublished": "2021-12-23T19:48:34.603987Z",
"dateReserved": "2021-06-22T00:00:00",
"dateUpdated": "2024-09-16T17:18:45.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32076 (GCVE-0-2021-32076)
Vulnerability from nvd – Published: 2021-08-26 14:53 – Updated: 2024-09-17 01:00
Summary
An access restriction bypass via referrer spoofing was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. Although the description names 12.7.2, the record lists all versions up to and including 12.7.5 as affected and 12.7.6 as the fixed release.
Severity ?
5.3 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Web Help Desk |
Affected:
unspecified , ≤ 12.7.5
(custom)
|
Credits
SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Help Desk",
"vendor": "SolarWinds",
"versions": [
{
"lessThanOrEqual": "12.7.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."
}
],
"datePublic": "2021-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u0027Web Help Desk Getting Started Wizard\u0027, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T13:28:36",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."
}
],
"source": {
"defect": [
"CVE-2021-32076"
],
"discovery": "UNKNOWN"
},
"title": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-08-20T14:12:00.000Z",
"ID": "CVE-2021-32076",
"STATE": "PUBLIC",
"TITLE": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Help Desk",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "12.7.5"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the \u0027Web Help Desk Getting Started Wizard\u0027, especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."
}
],
"source": {
"defect": [
"CVE-2021-32076"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-32076",
"datePublished": "2021-08-26T14:53:25.774505Z",
"dateReserved": "2021-05-06T00:00:00",
"dateUpdated": "2024-09-17T01:00:44.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}