What is the severity of CVE-2024-28989?

CVE-2024-28989 has been classified as a high severity vulnerability due to its potential for sensitive information disclosure.

How do I fix CVE-2024-28989?

To mitigate CVE-2024-28989, users should update SolarWinds Web Help Desk to the latest version that addresses the hardcoded cryptographic key issue.

What type of information could be disclosed due to CVE-2024-28989?

CVE-2024-28989 could allow an attacker to access sensitive information including user credentials and other confidential data.

Which versions of SolarWinds Web Help Desk are affected by CVE-2024-28989?

CVE-2024-28989 affects multiple versions of SolarWinds Web Help Desk; it is recommended to check the release notes for specifics.

Can CVE-2024-28989 be exploited remotely?

Yes, CVE-2024-28989 could potentially be exploited remotely if an attacker has network access to the vulnerable instance of SolarWinds Web Help Desk.

Vulnerability/
CVE-2024-28989

medium

5.5

CWE

321 798

11/2/2025

25/2/2025

CVE-2024-28989: SolarWinds Web Help Desk Cryptographic Key Management Vulnerability

First published: Tue Feb 11 2025(Updated: )

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

Credit: psirt@solarwinds.com

Affected Software	Affected Version	How to fix
SolarWinds
SolarWinds	<12.8.5

Remedy

SolarWinds recommends customers upgrade to SolarWinds Web Help Desk version 12.8.5. as soon as it becomes available.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-28989?
CVE-2024-28989 has been classified as a high severity vulnerability due to its potential for sensitive information disclosure.
How do I fix CVE-2024-28989?
To mitigate CVE-2024-28989, users should update SolarWinds Web Help Desk to the latest version that addresses the hardcoded cryptographic key issue.
What type of information could be disclosed due to CVE-2024-28989?
CVE-2024-28989 could allow an attacker to access sensitive information including user credentials and other confidential data.
Which versions of SolarWinds Web Help Desk are affected by CVE-2024-28989?
CVE-2024-28989 affects multiple versions of SolarWinds Web Help Desk; it is recommended to check the release notes for specifics.
Can CVE-2024-28989 be exploited remotely?
Yes, CVE-2024-28989 could potentially be exploited remotely if an attacker has network access to the vulnerable instance of SolarWinds Web Help Desk.

agent/references
agent/remedy
agent/weakness
agent/title
agent/type
agent/description
agent/first-publish-date
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/source
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/solarwinds
canonical/solarwinds

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.