CVE-2024-28989: 
SolarWinds Web Help Desk vulnerability analysis and mitigation

SolarWinds Web Help Desk (WHD) was discovered to contain a hardcoded cryptographic key vulnerability (CVE-2024-28989), which was disclosed on February 11, 2025. This vulnerability affects Web Help Desk version 12.8.4 and all previous versions, potentially exposing sensitive information from the software (SolarWinds Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials) and CWE-321 (Use of Hard-coded Cryptographic Key), indicating the presence of embedded cryptographic material in the application that could compromise security (NVD).

The vulnerability could lead to the disclosure of sensitive information from the software. The CVSS scoring indicates high confidentiality impact (C:H) while maintaining no impact on integrity (I:N) or availability (A:N) of the system (NVD).

SolarWinds has released version 12.8.5 of Web Help Desk to address this vulnerability. The fix includes upgrades to the cryptographic algorithms between WHD and the database, requiring users to reselect their WHD database after upgrading to enable the updated connection (Release Notes).