CVE-2024-28987

Published Aug 21, 2024

Last updated 2 days ago

Analyzed

Description

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name

SolarWinds Web Help Desk Hardcoded Credential Vulnerability

Exploit added on

Oct 15, 2024

Exploit action due

Nov 5, 2024

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@solarwinds.com: CWE-798

Source

psirt@solarwinds.com

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDE3AF89-F0D2-4F3C-9565-F6DEA8B2BAC7",
            "versionEndExcluding": "12.8.3"
          },
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23"
          },
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]