CVE-2024-28987
SolarWinds Web Help Desk Hardcoded Credential VulnerabilityThe SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
We have discovered 31 live websites that are affected by CVE-2024-28987.
Affected Software
| Product | |
| Category | Help desk |
| Vulnerable Domains | 31 live websites (65% of Web Help Desk install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 50% of all versions) |
Common Weakness Enumeration
CWE-798 Use of Hard-coded CredentialsDetails
- Published - Aug 21, 2024
- Updated - Oct 21, 2025
Credits
- Zach Hanley (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-28987 United States | 23 websites |
 GB | 2 websites |
 Australia | 1 websites |
 Canada | 1 websites |
 Spain | 1 websites |
 Mexico | 1 websites |
 Tanzania | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-28987| .org | 10 websites |
| .com | 7 websites |
| .edu | 3 websites |
| .co.uk | 2 websites |
| .ca | 1 websites |
| .com.au | 1 websites |
| .net | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-28987
Top websites that are affected by CVE-2024-28987. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.vg | United States | **,***,*** | |
| *******.******.com | United States | **,***,*** | |
| *******.**********.edu | United States | **,***,*** | |
| ***.*********.org | **,***,*** | ||
| *******.****.***.au | Australia | **,***,*** | |
| ******.*******.gov | United States | **,***,*** | |
| *************.****.mx | Mexico | **,***,*** | |
| ********.************.com | United States | **,***,*** | |
| ***********.************.org | United States | **,***,*** | |
| ********.**********.org | United States | **,***,*** |
FAQ
CVE-2024-28987 is Use of Hard-coded Credentials in Web Help Desk
A total of 31 websites have been identified as vulnerable to CVE-2024-28987, based on global website indexing conducted by WebTechSurvey.
The Web Help Desk is affected by the CVE-2024-28987 vulnerability.
Web Help Desk versions up to and including 12.8.3 are vulnerable to CVE-2024-28987.