cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-28989,https://securityvulnerability.io/vulnerability/CVE-2024-28989,Cryptographic Key Exposure in SolarWinds Web Help Desk,"SolarWinds Web Help Desk has been identified with a serious vulnerability linked to a hardcoded cryptographic key. This flaw enables unauthorized access to sensitive information stored within the application, posing a risk of data leaks and breaches. Organizations using affected versions of the product are encouraged to review their security measures and update to the latest version to mitigate potential threats.",Solarwinds,Web Help Desk,5.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T07:13:05.768Z,0
CVE-2024-45709,https://securityvulnerability.io/vulnerability/CVE-2024-45709,SolarWinds Web Help Desk vulnerability only affects limited installations,SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.,Solarwinds,Web Help Desk,5.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-12-10T08:20:06.921Z,0
CVE-2024-28987,https://securityvulnerability.io/vulnerability/CVE-2024-28987,Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials,"The SolarWinds Web Help Desk software is susceptible to a hardcoded credential vulnerability that enables remote unauthenticated users to gain unauthorized access to the system's internal functionalities. This security flaw allows attackers to manipulate and modify critical data, potentially leading to severe implications for organizations relying on this software for managing their help desk services. Immediate attention to this vulnerability is essential in order to safeguard sensitive information and maintain operational integrity.",Solarwinds,Web Help Desk,9.1,CRITICAL,0.961929976940155,true,2024-10-15T00:00:00.000Z,true,false,true,2024-08-22T16:01:41.000Z,true,true,false,,2024-08-21T22:15:00.000Z,4932
CVE-2024-28986,https://securityvulnerability.io/vulnerability/CVE-2024-28986,SolarWinds Web Help Desk Vulnerable to Remote Code Execution,"CVE-2024-28986 is a critical vulnerability in SolarWinds Web Help Desk, allowing attackers to run commands on the host machine. It is a Java deserialization vulnerability affecting versions 12.4 through 12.8 of the software. SolarWinds has released a patch (version 12.8.3) and a hotfix (Web Help Desk 12.8.3 Hotfix 1) that customers are urged to install immediately. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog, indicating active interest from threat actors. The exploitation of this vulnerability can have severe impacts, and organizations are advised to follow SolarWinds' instructions for installing the patch and hotfix as a matter of urgency.",Solarwinds,Web Help Desk,9.8,CRITICAL,0.026179999113082886,true,2024-08-15T00:00:00.000Z,true,false,true,2024-08-15T00:00:00.000Z,,false,false,,2024-08-13T23:15:00.000Z,0
CVE-2021-35251,https://securityvulnerability.io/vulnerability/CVE-2021-35251,Sensitive Data Disclosure Vulnerability,Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.,Solarwinds,Web Help Desk,5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-03-07T00:00:00.000Z,0
CVE-2021-35232,https://securityvulnerability.io/vulnerability/CVE-2021-35232,Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries,"Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.",Solarwinds,Web Help Desk,6.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-12-27T19:15:00.000Z,0
CVE-2021-35243,https://securityvulnerability.io/vulnerability/CVE-2021-35243,HTTP PUT & DELETE Methods Enabled,"The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.",Solarwinds,Web Help Desk,5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2021-12-22T00:00:00.000Z,0
CVE-2021-32076,https://securityvulnerability.io/vulnerability/CVE-2021-32076,Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass,"Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.",Solarwinds,Web Help Desk,5.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-08-26T15:15:00.000Z,0
CVE-2019-16961,https://securityvulnerability.io/vulnerability/CVE-2019-16961,Cross-Site Scripting Vulnerability in SolarWinds Web Help Desk,"A security flaw in SolarWinds Web Help Desk 12.7.0 allows attackers to execute arbitrary JavaScript code via manipulation of a Schedule Name. This XSS vulnerability can potentially lead to unauthorized actions being performed in the context of the affected user's session, thereby compromising sensitive information or enabling further attacks. Users of the software are urged to address this vulnerability promptly to ensure their systems remain secure.",Solarwinds,Web Help Desk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2021-01-15T13:28:14.000Z,0
CVE-2019-16954,https://securityvulnerability.io/vulnerability/CVE-2019-16954,HTML Injection Vulnerability in SolarWinds Web Help Desk,"The SolarWinds Web Help Desk version 12.7.0 is susceptible to an HTML injection vulnerability that arises from improper validation of user-supplied input in the Comment field of Help Request tickets. This flaw allows attackers to inject malicious HTML code, potentially compromising the integrity of the application and enabling unauthorized access or manipulation of user sessions.",Solarwinds,Web Help Desk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2021-01-06T16:53:20.000Z,0
CVE-2019-16960,https://securityvulnerability.io/vulnerability/CVE-2019-16960,Cross-Site Scripting Vulnerability in SolarWinds Web Help Desk,"The SolarWinds Web Help Desk 12.7.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability that can be exploited through a crafted CSV template file. Specifically, attackers can exploit this flaw by manipulating the Location Name field, potentially allowing them to execute arbitrary scripts in the context of the user’s browser. This could lead to unauthorized actions being performed on behalf of the user, making it crucial for administrators to apply necessary security measures to protect users from such exploits.",Solarwinds,Web Help Desk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2021-01-04T08:00:34.000Z,0
CVE-2019-16956,https://securityvulnerability.io/vulnerability/CVE-2019-16956,XSS Vulnerability in SolarWinds Web Help Desk Software,"A cross-site scripting (XSS) vulnerability in SolarWinds Web Help Desk version 12.7.0 allows attackers to inject malicious scripts through the Request Type parameter in a ticket. If exploited, this flaw can lead to unauthorized access and potential data breaches, making it crucial for users to ensure their software is updated and secure against such vulnerabilities.",Solarwinds,Web Help Desk,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2021-01-04T07:56:50.000Z,0