Patch now: Second SolarWinds critical bug in Web Help Desk


For the second week in a row, SolarWinds has released a patch for a critical vulnerability in its IT help and ticketing software, Web Help Desk (WHD).

According to its latest hotfix notice, the issue — tracked as CVE-2024-28987 — concerns hardcoded credentials that could allow a remote, unauthenticated attacker to break into WHD and modify data.

“Security is hard and a continuous process,” says Horizon3.ai vulnerability researcher Zach Hanley, who first discovered and reported the bug. “This application had just received a security look from being exploited in the wild, and a few years [before] had a different hardcoded credential vulnerability. Regular security reviews on the same application can still be valuable for companies.”

Two Critical Bugs & Two Urgent Fixes

On Aug. 13, SolarWinds released a hotfix for CVE-2024-28986, a Java deserialization issue that could have allowed an attacker to run commands on a targeted machine. It was given a “critical” 9.8 out of 10 score on the CVSS scale.

To read the complete article, visit Dark Reading.
