Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Solarwinds Subscribe
Filtered by product Web Help Desk
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35251 1 Solarwinds 1 Web Help Desk 2022-03-14 5.0 MEDIUM 5.3 MEDIUM
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
CVE-2021-35243 1 Solarwinds 1 Web Help Desk 2022-01-07 5.0 MEDIUM 7.5 HIGH
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
CVE-2021-32076 1 Solarwinds 1 Web Help Desk 2021-09-23 5.0 MEDIUM 5.3 MEDIUM
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVE-2019-16954 1 Solarwinds 1 Web Help Desk 2021-07-21 4.9 MEDIUM 5.4 MEDIUM
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
CVE-2019-16961 1 Solarwinds 1 Web Help Desk 2021-01-21 3.5 LOW 5.4 MEDIUM
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
CVE-2019-16960 1 Solarwinds 1 Web Help Desk 2021-01-06 3.5 LOW 5.4 MEDIUM
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field.
CVE-2019-16956 1 Solarwinds 1 Web Help Desk 2021-01-06 3.5 LOW 5.4 MEDIUM
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.