This page lists publicly disclosed CVE vulnerabilities affecting solarwinds webhelpdesk (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-35254 | SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future. | [email protected] | 8.2 | 0.18% | 2022-03-25 | 2024-11-21 |
| CVE-2021-35232 | Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | [email protected] | 6.8 | 0.22% | 2021-12-27 | 2024-11-21 |
| CVE-2019-16959 | SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | [email protected] | 6.5 | 0.94% | 2020-12-21 | 2024-11-21 |
| CVE-2019-16957 | SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | [email protected] | 5.4 | 2.19% | 2020-12-18 | 2024-11-21 |
| CVE-2019-16955 | SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | [email protected] | 5.4 | 1.93% | 2020-12-18 | 2024-11-21 |
| CVE-2019-20002 | Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | [email protected] | 7.8 | 1.05% | 2020-04-27 | 2024-11-21 |