Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
Vulnerability Description
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Solarwinds Web Help Desk 信任管理问题漏洞
Vulnerability Description
Solarwinds Web Help Desk是美国Solarwinds公司的一套服务台和资产管理软件。该软件支持集中式知识库、IT资产管理、项目和任务管理等功能。 SolarWinds Web Help Desk 存在信任管理问题漏洞,该漏洞源于在SolarWinds Web帮助台产品中发现的硬编码凭证。攻击者可利用该漏洞对数据库执行任意HQL查询,并窃取用户的密码哈希值或向数据库插入任意数据。
CVSS Information
N/A
Vulnerability Type
N/A