threat
engine
.sh
Back
·
··:··
Home
/
Product
/
solarwinds web help desk
Product
solarwinds web help desk
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-40554
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an
9.8
CRITICAL
CVE-2025-40553
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote
9.8
CRITICAL
CVE-2025-40552
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a ma
9.8
CRITICAL
CVE-2025-40551
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote
9.8
CRITICAL
CVE-2025-40537
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, coul
7.5
HIGH
CVE-2025-40536
< 2026.1
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an
8.1
HIGH
CVE-2025-26399
<= 12.8.6
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnera
9.8
CRITICAL
CVE-2024-28988
<= 12.8.2
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploi
9.8
CRITICAL
CVE-2025-26400
< 12.8.7
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to in
5.3
MEDIUM
CVE-2024-28989
< 12.8.5
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information
5.5
MEDIUM
CVE-2024-45709
< 12.8.4
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installe
5.3
MEDIUM
CVE-2024-28987
< 12.8.3
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated u
9.1
CRITICAL
CVE-2024-28986
<= 12.8.2
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploi
9.8
CRITICAL
CVE-2021-35254
< 12.7.8
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed
8.2
HIGH
CVE-2021-35251
< 12.7.8
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose enviro
5.3
MEDIUM
CVE-2021-35232
<= 12.7.6
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access t
6.8
MEDIUM
CVE-2021-35243
<= 12.7.7
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dange
5.3
MEDIUM
CVE-2021-32076
<= 12.7.2
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web He
5.3
MEDIUM
CVE-2019-16961
all versions
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
5.4
MEDIUM
CVE-2019-16954
all versions
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
5.4
MEDIUM
CVE-2019-16960
all versions
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
5.4
MEDIUM
CVE-2019-16956
all versions
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
5.4
MEDIUM
CVE-2019-16959
all versions
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
6.5
MEDIUM
CVE-2019-16957
all versions
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
5.4
MEDIUM
CVE-2019-16955
all versions
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
5.4
MEDIUM
CVE-2019-20002
all versions
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in
7.8
HIGH
CVE-2009-1261
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject
CVE-2009-0303
<= 9.1.17
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or
CVE-2004-2562
all versions
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attacker
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin