Web Help Desk SolarWinds Web Help Desk

Do you want an email whenever new security vulnerabilities are reported in SolarWinds Web Help Desk?

By the Year

In 2024 there have been 0 vulnerabilities in SolarWinds Web Help Desk . Web Help Desk did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 5.30
2021 2 6.40
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Web Help Desk vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent SolarWinds Web Help Desk Security Vulnerabilities

Sensitive information could be displayed when a detailed technical error message is posted

CVE-2021-35251 5.3 - Medium - March 10, 2022

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.

Generation of Error Message Containing Sensitive Information

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier)

CVE-2021-35243 7.5 - High - December 23, 2021

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2

CVE-2021-32076 5.3 - Medium - August 26, 2021

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Authentication Bypass by Spoofing

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for SolarWinds Web Help Desk or by SolarWinds? Click the Watch button to subscribe.

SolarWinds
Vendor

subscribe