Description

SolarWinds Web Help Desk has a hardcoded credential vulnerability. An unauthenticated attacker could gain access to the system, potentially allowing them to view sensitive information, manipulate data, and alter system configurations.

Remediation

Upgrade to the latest version of SolarWinds Web Help Desk.

References

Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

Related Vulnerabilities

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7471)

Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-20408)

MySQL CVE-2016-0642 Vulnerability (CVE-2016-0642)

MySQL CVE-2024-21231 Vulnerability (CVE-2024-21231)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0457)

Severity

Critical

Classification

CVE-2024-28987 CWE-798 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities Authentication Bypass