CVE ID
CVE-2024-28987
Vulnerability Name
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
- Project: SolarWinds
- Product: Web Help Desk
Date
- Date Added: 2024-10-15
- Due Date: 2024-11-05
Description
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987
Related Security News
- SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
- SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
- SolarWinds Web Help Desk flaw is now exploited in attacks
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
Top comments (0)