The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NSolarwinds Web Help Desk
APPSolarwinds12.8.3< 12.8.3
CISA KEV — detailsi
- Vendori
- SolarWinds
- Producti
- Web Help Desk
- Added to KEVi
- October 15, 2024
- Remediation deadline (US Federal)i
- November 5, 2024(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
Related vulnerabilities
RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia
RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)
RCE przez Java Deserialization w SolarWinds Web Help Desk
SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)
SolarWinds Web Help Desk — zdalne wykonanie kodu przez niebezpieczną deserializację