SolarWinds left critical hardcoded credentials in its Web Help Desk product

August 22, 2024 at 06:48PM SolarWinds acknowledged a critical security flaw (CVE-2024-28987) in its Web Help Desk (WHD) product, affecting versions 12.8.3 HF1 and earlier. The flaw allows unauthenticated attackers to manipulate sensitive data. An update, HF2, has been released to address the issue. Another critical vulnerability (CVE-2024-28986) has also been identified, with exploitation potential …

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

August 22, 2024 at 01:54PM SolarWinds has released patches to fix a new security flaw in its Web Help Desk software that could permit unauthorized access. Tracked as CVE-2024-28987, the vulnerability is rated 9.1 in severity. Users are advised to update to version 12.8.3 Hotfix 2 to address the issue. Further details will be disclosed …

SolarWinds fixes hardcoded credentials flaw in Web Help Desk

August 22, 2024 at 11:07AM SolarWinds has issued a hotfix addressing a critical Web Help Desk vulnerability. This vulnerability could enable unauthorized access to unpatched systems by exploiting hardcoded credentials.

CISA warns critical SolarWinds RCE bug is exploited in attacks

August 16, 2024 at 12:40PM CISA warns of attackers exploiting a critical vulnerability in SolarWinds’ Web Help Desk (WHD) software, allowing remote code execution. SolarWinds issued a hotfix, advising administrators to apply it, while also recognizing an issue for SAML Single Sign-On users. CISA mandates federal agencies to patch WHD servers by September 5. SolarWinds …

SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

August 16, 2024 at 06:10AM CISA warned of a critical vulnerability in SolarWinds Web Help Desk, CVE-2024-28986, allowing remote code execution. SolarWinds released a patch but noted an authentication requirement for successful exploitation. The flaw affects versions 12.4 to 12.8 and has been observed in the wild. Federal agencies must address vulnerable instances by September …

SolarWinds: Critical RCE Bug Requires Urgent Patch

August 15, 2024 at 03:15PM SolarWinds advises customers to patch a critical CVE-2024-28986 vulnerability in its Web Help Desk platform, a Java deserialization RCE flaw. If exploited, attackers can run commands on the host machine. The software vendor recommends immediate patch application, urging all versions to be upgraded to 12.8.3 and the hotfix installed.

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

August 15, 2024 at 10:51AM SolarWinds has released a patch to fix a critical security flaw in its Web Help Desk software (CVE-2024-28986) that could allow remote code execution. Palo Alto Networks also addressed high and moderate-severity vulnerabilities in Cortex XSOAR and GlobalProtect, urging users to update to the latest versions to reduce risks and …

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

August 15, 2024 at 09:21AM SolarWinds has released a hotfix for a critical-severity vulnerability in Web Help Desk, allowing remote attackers to execute arbitrary code. The CVE-2024-28986 affects versions 12.4 to 12.8, requiring the installation of version 12.8.3.1813. SolarWinds advises customers to upgrade, download the hotfix, and apply it, providing detailed installation instructions in their …

Judge Dismisses Major SEC Charges Against SolarWinds and CISO

July 19, 2024 at 05:30PM The SEC lawsuit against SolarWinds and CISO Timothy Brown, accused of concealing security issues pre and post SUNBURST breach, has been dismissed by a judge. This outcome signifies a significant development in the legal proceedings.

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

July 19, 2024 at 04:33AM SolarWinds has addressed critical security flaws in its Access Rights Manager (ARM) software, including 11 vulnerabilities and their severity ratings. These flaws could allow attackers to access sensitive information and execute code with elevated privileges. The vulnerabilities have been fixed in version 2024.3 after responsible disclosure by the Trend Micro …