Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
thehackernews | Contributed by: Drex DeFord
Summary
SolarWinds has released patches for a critical hardcoded credential vulnerability in its Web Help Desk software (CVE-2024-28987) that allows unauthenticated remote users to gain unauthorized access and modify data. Rated 9.1 on the CVSS scale, the flaw was discovered by Horizon3.ai's Zach Hanley. Users are advised to update to version 12.8.3 Hotfix 2, which requires prior installation of version 12.8.3.1813 or 12.8.3 HF1. This follows a recent patch for another severe vulnerability (CVE-2024-28986), which has a CVSS score of 9.8 and has been actively exploited, though specific attack details remain unknown. Further information on CVE-2024-28987 is anticipated next month, underscoring the urgency for timely updates.