Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): SOLARWINDS WEB HELP DESK
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-35232 |
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. Published: December 27, 2021; 2:15:08 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 3.6 LOW |
CVE-2021-32076 |
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. Published: August 26, 2021; 11:15:06 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-16961 |
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. Published: January 15, 2021; 9:15:14 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16954 |
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. Published: January 06, 2021; 12:15:21 PM -0500 |
V3.1: 5.4 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-16960 |
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. Published: January 04, 2021; 3:15:13 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16956 |
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. Published: January 04, 2021; 3:15:13 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16959 |
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. Published: December 21, 2020; 11:15:12 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-16957 |
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. Published: December 18, 2020; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16955 |
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. Published: December 18, 2020; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16958 |
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. Published: December 01, 2020; 1:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |