Vulnerabilities for Webhelpdesk (...) - CXSECURITY.COM

Vulnerabilities for 'Webhelpdesk'

2022-03-25

CVE-2021-35254

CWE-20

SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.

2020-12-21

CVE-2019-16959

CWE-74

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

2020-12-18

CVE-2019-16957

CWE-79

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

CVE-2019-16955

CWE-79

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

>>> Vendor: Solarwinds 46 Products

Orion network performance monitor

Virtualization manager

Ip address manager web interface

Network configuration manager

Log and event manager

Server and application monitor

Orion ip address manager

Orion netflow traffic analyzer

Orion network configuration manager

Orion server and application manager

Orion user device tracker

Orion voip & network quality manager

Orion web performance monitor

Firewall security manager

Storage manager

N-able n-central

Storage resource monitor

Log & event manager

Network performance monitor

Sftp/scp server

Serv-u ftp server

Damewire mini remote control

Database performance analyzer

Dameware mini remote control firmware

Dameware remote support

Serv-u managed file transfer

Managed service provider patch management engine

Advanced monitoring agent

Webhelpdesk

Orion virtual infrastructure monitor

Serv-u file server

Dameware mini remote control

Kiwi syslog server

Access rights manager

Copyright 2024, cxsecurity.com