SolarWinds Web Help Desk
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SolarWinds Web Help Desk.
By the Year
In 2025 there have been 1 vulnerability in SolarWinds Web Help Desk with an average score of 5.5 out of ten. Last year, in 2024 Web Help Desk had 3 security vulnerabilities published. Right now, Web Help Desk is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 2.63
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 1 | 5.50 |
2024 | 3 | 8.13 |
2023 | 0 | 0.00 |
2022 | 1 | 5.30 |
2021 | 2 | 6.40 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Web Help Desk vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SolarWinds Web Help Desk Security Vulnerabilities
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key
CVE-2024-28989
5.5 - Medium
- February 11, 2025
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Use of Hard-coded Credentials
SolarWinds Web Help Desk Local File Read Vulnerability in Development/Test Mode
CVE-2024-45709
5.5 - Medium
- December 10, 2024
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.
Directory traversal
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability
CVE-2024-28987
9.1 - Critical
- August 21, 2024
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Use of Hard-coded Credentials
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability
CVE-2024-28986
9.8 - Critical
- August 13, 2024
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Marshaling, Unmarshaling
Sensitive information could be displayed when a detailed technical error message is posted
CVE-2021-35251
5.3 - Medium
- March 10, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
Generation of Error Message Containing Sensitive Information
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier)
CVE-2021-35243
7.5 - High
- December 23, 2021
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2
CVE-2021-32076
5.3 - Medium
- August 26, 2021
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
Authentication Bypass by Spoofing
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SolarWinds Web Help Desk or by SolarWinds? Click the Watch button to subscribe.
