Security News > 2024 > October > CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
2024-10-16 04:54
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
News URL
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html
Related news
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-28987 | Unspecified vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | 9.1 |