Security News > 2024 > September > PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
2024-09-25 14:07
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When assessing the exposure of our own clients, we found that organizations typically revealed sensitive process information for IT procedures such as user onboarding, password resets, and accessing shared resources. While this vulnerability does not lead to … More → The post PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-28987 | Use of Hard-coded Credentials vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |