Description

SolarWinds Web Help Desk has a hardcoded credential vulnerability. An unauthenticated attacker could gain access to the system, potentially allowing them to view sensitive information, manipulate data, and alter system configurations.

Remediation

Upgrade to the latest version of SolarWinds Web Help Desk.

References

Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

Related Vulnerabilities

SharePoint Origin Validation Error Vulnerability (CVE-2019-1442)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34170)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1762)

Nginx Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2012-2089)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-5897)

Severity

Critical

Classification

CVE-2024-28987 CWE-798 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities Authentication Bypass