“. 1 risk : government : businesses : home users : technical summary : multiple vulnerabilities have been discovered in solarwinds web help desk, the most severe of which could allow for arbitrary code execution. details of the most severe vulnerabilities are as follows : tactic :…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1078.001Default Accounts
79%
“##mediate penetration test findings : remediate penetration test findings based on the enterprise ’ s policy for remediation scope and prioritization. apply the principle of least privilege to all systems and services. run all software as a non - privileged user ( one without adm…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
68%
“multiple vulnerabilities in solarwinds web help desk could allow for arbitrary code execution multiple vulnerabilities in solarwinds web help desk could allow for arbitrary code execution ms - isac advisory number : 2026 - 008date ( s ) issued : 01 / 28 / 2026overview : multiple …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
63%
“##voke specific actions within web help desk. ( cve - 2025 - 40554 ) - solarwinds web help desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. ( …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1018Remote System Discovery
31%
“m1016 : vulnerability scanning ) · - safeguard 16. 13 : conduct application penetration testing : conduct application penetration testing. for critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning an…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk, the most severe of which could allow for arbitrary code execution. SolarWinds Web Help Desk (WHD) is a web-based software that provides IT help desk and asset management functionality, allowing IT teams to manage service requests, track IT assets, and offer self-service options to end-users. Successful exploitation of the most severe of these vulnerabilities could allow an actor to execute code in the context of SYSTEM. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.