Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
2024-08-23 10:26

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out.

CVE-2024-28987 stems from Web Help Desk having hardcoded credentials that can be misused by remote unauthenticated users to access internal functionality and modify data. The vulnerability was reported by Horizon3.ai vulnerability researcher Zach Hanley, after digging into …

The post Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/08/23/cve-2024-28987/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-08-21 | CVE-2024-28987 | The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data. | network, low complexity, CWE-798, critical, 9.1
2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in SolarWinds Web Help Desk. SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | network, low complexity, solarwinds, CWE-502, critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 104 80 50 267