Security News
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the...
Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote,...
SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances....
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. [...]
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw,...
SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a...
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0.
A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product. In a Thursday ruling [PDF], US federal district Judge Paul Engelmayer dismissed all of the so-called "Post-SUNBURST" claims the SEC levied against SolarWinds.