Description

SolarWinds Web Help Desk has a hardcoded credential vulnerability. An unauthenticated attacker could gain access to the system, potentially allowing them to view sensitive information, manipulate data, and alter system configurations.

Remediation

Upgrade to the latest version of SolarWinds Web Help Desk.

References

Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-2002-0643)

SharePoint CVE-2017-8511 Vulnerability (CVE-2017-8511)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4579)

Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062)

Severity

Critical

Classification

CVE-2024-28987 CWE-798 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities Authentication Bypass