Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 stems from Web Help Desk having hardcoded credentials that can be misused by remote unauthenticated users to access internal functionality and modify data. The vulnerability was reported by Horizon3.ai vulnerability researcher Zach Hanley, after digging into … The post Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/23/cve-2024-28987/
Related news
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
- SolarWinds left critical hardcoded credentials in its Web Help Desk product
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
- CISA warns critical SolarWinds RCE bug is exploited in attacks
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
- SolarWinds fixes hardcoded credentials flaw in Web Help Desk
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-21 | CVE-2024-28987 | The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data. | 9.1 |
2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in SolarWinds Web Help Desk: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |