SolarWinds Web Help Desk (WHD) 12.5.1

CPE Details

SolarWinds Web Help Desk (WHD) 12.5.1
solarwinds
web_help_desk
12.5.1
2021-03-05
14h09 +00:00
2021-03-09
15h43 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:solarwinds:web_help_desk:12.5.1:*:*:*:*:*:*:*

Informations

Vendor

solarwinds

Product

web_help_desk

Version

12.5.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-28989 2025-02-11 07h13 +00:00 SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
5.5
Moyen
CVE-2024-45709 2024-12-10 08h20 +00:00 SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.
5.5
Moyen
CVE-2024-28987 2024-08-21 21h17 +00:00 The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
9.1
Critique
CVE-2024-28986 2024-08-13 22h06 +00:00 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
9.8
Critique
CVE-2021-35251 2022-03-09 15h38 +00:00 Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
5.3
Moyen
CVE-2021-35243 2021-12-23 19h48 +00:00 The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
7.5
Haute
CVE-2021-32076 2021-08-26 14h53 +00:00 Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
5.3
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.