CVE-2024-28987
Published Aug 21, 2024
·
Last updated 2 days ago
Description
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Risk scores
CVSS 3.1
- Primary
- 9.1
- 5.2
- 3.9
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CRITICAL
Known exploits
Data from CISA
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
Oct 15, 2024
Nov 5, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
Source
psirt@solarwinds.com
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE3AF89-F0D2-4F3C-9565-F6DEA8B2BAC7", "versionEndExcluding": "12.8.3" }, { "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23" }, { "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8" } ], "operator": "OR" } ] } ]