Solarwinds Webhelpdesk — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Webhelpdesk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-35254 — CVSS 8.2 (high): SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this…
CVE-2019-20002 — CVSS 7.8 (high): Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the…
CVE-2021-35232 — CVSS 6.8 (medium): Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web…
CVE-2019-16959 — CVSS 6.5 (medium): SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.