Security News > 2024 > September > PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
2024-09-25 14:07
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When assessing the exposure of our own clients, we found that organizations typically revealed sensitive process information for IT procedures such as user onboarding, password resets, and accessing shared resources. While this vulnerability does not lead to … More → The post PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
Related news
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) (source)
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
- Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk (source)
- SolarWinds left critical hardcoded credentials in its Web Help Desk product (source)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-28987 | The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |