SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

August 23, 2024 at 04:09AM

SolarWinds released a second hotfix for an exploited Web Help Desk vulnerability, removing hardcoded credentials and fixing an SSO issue. The CVE-2024-28987 vulnerability with a CVSS score of 9.1 could allow remote users to access internal functionality. CISA quickly added the bug to its Known Exploited Vulnerabilities catalog, urging immediate hotfix implementation.

SolarWinds announced a second hotfix for an exploited Web Help Desk vulnerability. The hotfix removes the hardcoded credentials introduced in the first hotfix, addresses an SSO issue, and resolves a critical-severity remote code execution (RCE) bug. The initial flaw, tracked as CVE-2024-28986, was a Java deserialization RCE issue and was added to the Known Exploited Vulnerabilities (KEV) catalog of the US cybersecurity agency CISA. Organizations are advised to apply Web Help Desk 12.8.3 Hotfix 2 as soon as possible.