Security News > 2024 > October > CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
2024-10-16 04:54
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
News URL
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html
Related news
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation (source)
- Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability (source)
- CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-28987 | Unspecified vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |