CVE-2024-28987

CVE Database · CVE-2024-28987

CVE-2024-28987

· CRITICALAnalyzed

CVSS v3.1

9.1

EPSS

93.16%

Published

Aug 21, 2024

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2024-10-15 · Due: 2024-11-05

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (5)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCgh-ost00/CVE-2024-28987-POC★12 GitHub PoChorizon3ai/CVE-2024-28987★7 GitHub PoCalecclyde/CVE-2024-28987★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-798

Affected Products (3)

solarwinds · web_help_desk (up to 12.8.3)vulnerable

solarwinds · web_help_deskvulnerable

References (4)

https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987

Vendor Advisory

https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/

Press/Media CoverageThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs