Filtered by vendor Solarwinds Subscriptions
Filtered by product Webhelpdesk Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-28987 1 Solarwinds 2 Web Help Desk, Webhelpdesk 2024-11-29 9.1 Critical
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVE-2021-35254 1 Solarwinds 1 Webhelpdesk 2024-11-21 8.2 High
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
CVE-2021-35232 1 Solarwinds 1 Webhelpdesk 2024-11-21 6.8 Medium
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
CVE-2019-20002 1 Solarwinds 1 Webhelpdesk 2024-11-21 7.8 High
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.
CVE-2019-16959 1 Solarwinds 1 Webhelpdesk 2024-11-21 6.5 Medium
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
CVE-2019-16957 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
CVE-2019-16955 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
CVE-2024-28986 1 Solarwinds 2 Web Help Desk, Webhelpdesk 2024-08-16 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.