SolarWinds critical hardcoded credential bug under active exploit

October 16, 2024 at 04:03PM A critical credential vulnerability in SolarWinds’ Web Help Desk (CVE-2024-28987) allows unauthenticated remote access. Although patched in version 12.8.3 HF2, many instances remain vulnerable. The flaw is exploited by criminals, with significant risks of sensitive data exposure. This is SolarWinds’ second critical bug for the product in two months. ### … Read more

SolarWinds Web Help Desk flaw is now exploited in attacks

October 16, 2024 at 03:57PM CISA added three vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog, including a critical SolarWinds flaw (CVE-2024-28987) due to hardcoded credentials, actively exploited by attackers. Federal agencies must update by November 5, 2024. Additional flaws in Windows and Mozilla Firefox are also noted, with active exploitation confirmed. ### Meeting Takeaways 1. … Read more

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

October 16, 2024 at 01:42AM CISA has added a critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software to its KEV catalog, noting active exploitation. This flaw allows unauthorized remote access to modify sensitive help desk ticket data. Federal agencies must apply security fixes by November 5, 2024, to protect their networks. **Meeting Takeaways – … Read more

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

August 23, 2024 at 03:00PM SolarWinds has released a patch for a second critical vulnerability in its Web Help Desk software, addressing hardcoded credentials that could allow remote attackers to modify data. The patch also addresses a previous Java deserialization issue. Customers are urged to update immediately to mitigate potential exploitation by threat actors. Based … Read more

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

August 23, 2024 at 04:09AM SolarWinds released a second hotfix for an exploited Web Help Desk vulnerability, removing hardcoded credentials and fixing an SSO issue. The CVE-2024-28987 vulnerability with a CVSS score of 9.1 could allow remote users to access internal functionality. CISA quickly added the bug to its Known Exploited Vulnerabilities catalog, urging immediate … Read more

SolarWinds left critical hardcoded credentials in its Web Help Desk product

August 22, 2024 at 06:48PM SolarWinds acknowledged a critical security flaw (CVE-2024-28987) in its Web Help Desk (WHD) product, affecting versions 12.8.3 HF1 and earlier. The flaw allows unauthenticated attackers to manipulate sensitive data. An update, HF2, has been released to address the issue. Another critical vulnerability (CVE-2024-28986) has also been identified, with exploitation potential … Read more

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

August 22, 2024 at 01:54PM SolarWinds has released patches to fix a new security flaw in its Web Help Desk software that could permit unauthorized access. Tracked as CVE-2024-28987, the vulnerability is rated 9.1 in severity. Users are advised to update to version 12.8.3 Hotfix 2 to address the issue. Further details will be disclosed … Read more