{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-28987","assignerOrgId":"49f11609-934d-4621-84e6-e02e032104d6","state":"PUBLISHED","assignerShortName":"SolarWinds","dateReserved":"2024-03-13T20:27:09.782Z","datePublished":"2024-08-21T21:17:23.041Z","dateUpdated":"2025-10-21T22:55:46.764Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Web Help Desk","vendor":"SolarWinds","versions":[{"status":"affected","version":"12.8.3 Hotfix 1 and previous versions"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Zach Hanley"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.<br><br>"}],"value":"The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data."}],"impacts":[{"capecId":"CAPEC-21","descriptions":[{"lang":"en","value":"CAPEC-21 Exploitation of Trusted Credentials"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"CWE-798 Use of Hard-coded Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"49f11609-934d-4621-84e6-e02e032104d6","shortName":"SolarWinds","dateUpdated":"2024-08-22T11:43:41.569Z"},"references":[{"url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987"},{"url":"https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available.<br>"}],"value":"SolarWinds recommends that customers upgrade to SolarWinds Web Help Desk v12.8.3 HF2 as soon as it becomes available."}],"source":{"discovery":"EXTERNAL"},"title":"SolarWinds Web Help Desk Hardcoded Credential Vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-28987","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-10-16T12:59:52.543547Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2024-10-15","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987"}}}],"affected":[{"cpes":["cpe:2.3:a:solarwinds:webhelpdesk:*:*:*:*:*:*:*:*"],"vendor":"solarwinds","product":"webhelpdesk","versions":[{"status":"affected","version":"0","versionType":"custom","lessThanOrEqual":"12.8.3"}],"defaultStatus":"unknown"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987","tags":["government-resource"]}],"timeline":[{"time":"2024-10-15T00:00:00.000Z","lang":"en","value":"CVE-2024-28987 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T22:55:46.764Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-24T22:45:30.565Z"},"references":[{"url":"https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]}}