CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-28989: SolarWinds Web Help Desk Cryptographic Key Management Vulnerability
5.5
CVSS
Description
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
Classification
CVE ID: CVE-2024-28989
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
Vendor: SolarWinds
Product: Web Help Desk
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.94% (scored less or equal to compared to others)
EPSS Date: 2025-03-12 (when was this score calculated)
References
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-5_release_notes.htm