Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Published

2024-08-21T22:15:04.350

Last Modified

2025-10-27T17:01:42.723

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	solarwinds	web_help_desk	< 12.8.3	Yes
Application	solarwinds	web_help_desk	12.8.3	Yes
Application	solarwinds	web_help_desk	12.8.3	Yes

References

https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 Release Notes ([email protected])
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 Vendor Advisory ([email protected])
https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/ Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)