Security News > 2024 > August > Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
2024-08-23 10:26
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from Web Help Desk having hardcoded credentials that can be misused by remote unauthenticated users to access internal functionality and modify data. The vulnerability was reported by Horizon3.ai vulnerability researcher Zach Hanley, after after digging into … More → The post Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/23/cve-2024-28987/
Related news
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-28987 | Unspecified vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |
| 2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |