SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

August 23, 2024 at 04:09AM: SolarWinds released a second hotfix for an exploited Web Help Desk vulnerability, removing hardcoded credentials and fixing an SSO issue. The CVE-2024-28987 vulnerability with a CVSS score of 9.1 could allow remote users to access internal functionality. CISA quickly added the bug to its Known Exploited Vulnerabilities catalog, urging immediate …

SolarWinds left critical hardcoded credentials in its Web Help Desk product

August 22, 2024 at 06:48PM: SolarWinds acknowledged a critical security flaw (CVE-2024-28987) in its Web Help Desk (WHD) product, affecting versions 12.8.3 HF1 and earlier. The flaw allows unauthenticated attackers to manipulate sensitive data. An update, HF2, has been released to address the issue. Another critical vulnerability (CVE-2024-28986) has also been identified, with exploitation potential …

SolarWinds fixes hardcoded credentials flaw in Web Help Desk

August 22, 2024 at 11:07AM: SolarWinds has issued a hotfix addressing a critical Web Help Desk vulnerability. This vulnerability could enable unauthorized access to unpatched systems by exploiting hardcoded credentials. …

CISA warns critical SolarWinds RCE bug is exploited in attacks

August 16, 2024 at 12:40PM: CISA warns that attackers are exploiting a critical vulnerability in SolarWinds’ Web Help Desk (WHD) software that allows remote code execution. SolarWinds issued a hotfix and advised administrators to apply it, while also recognizing an issue for SAML Single Sign-On users. CISA mandates that federal agencies patch WHD servers by September 5. SolarWinds …

SolarWinds: Critical RCE Bug Requires Urgent Patch

August 15, 2024 at 03:15PM: SolarWinds advises customers to patch CVE-2024-28986, a critical Java deserialization RCE flaw in its Web Help Desk platform. If the flaw is exploited, attackers can run commands on the host machine. The software vendor recommends applying the patch immediately, urging that all versions be upgraded to 12.8.3 and the hotfix installed. Based …

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

August 15, 2024 at 10:51AM: SolarWinds has released a patch to fix a critical security flaw in its Web Help Desk software (CVE-2024-28986) that could allow remote code execution. Palo Alto Networks also addressed high and moderate-severity vulnerabilities in Cortex XSOAR and GlobalProtect, urging users to update to the latest versions to reduce risks and …

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

August 15, 2024 at 09:21AM: SolarWinds has released a hotfix for a critical-severity vulnerability in Web Help Desk that allows remote attackers to execute arbitrary code. CVE-2024-28986 affects versions 12.4 to 12.8, requiring the installation of version 12.8.3.1813. SolarWinds advises customers to upgrade, download the hotfix, and apply it, providing detailed installation instructions in their …