Vulnerability found for Hardcoded Credentials in SolarWinds Web Help Desk


SolarWinds’ Web Help Desk (WHD) software has been updated to address a new security flaw. The vulnerability may allow remote, unauthenticated users to access affected instances without authorization.

A new security vulnerability in SolarWinds’ Web Help Desk (WHD) software has been patched. This vulnerability could allow remote, unauthenticated users to access vulnerable instances without authorization. In a new alert published today, the company stated that “a hardcoded credential vulnerability affects the SolarWinds Web Help Desk (WHD) software, allowing [a] remote, unauthenticated user to access internal functionality and modify data.” The problem, identified as CVE-2024-28987, has a critical severity rating of 9.1 according to the CVSS grading system. Zach Hanley, a security researcher from Horizon3.ai, is credited with finding and reporting the vulnerability.

Users are advised to upgrade to version 12.8.3 Hotfix 2; doing so requires Web Help Desk version 12.8.3.1813 or 12.8.3 HF1 to be installed first. The information was made public one week after SolarWinds took action to fix another serious flaw in the same program that might be used to run arbitrary code (CVE-2024-28986, CVSS score: 9.8). According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), that earlier vulnerability has since been actively exploited in the wild; however, it is currently unknown how it is being used in real-world attacks. Since more information regarding CVE-2024-28987 is expected to be made public next month, it is imperative that the fixes be applied as soon as possible to minimize any potential risks.


CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.