SolarWinds Web Help Desk: Two Critical Security Vulnerabilities Resolved


SolarWinds has released a hotfix that addresses two critical vulnerabilities in Web Help Desk (WHD): one allows remote code execution and the other involves a hardcoded credential. These vulnerabilities, identified as CVE-2024-28986 and CVE-2024-28987, have been fixed in WHD 12.8.3 Hotfix 1, ensuring the integrity and confidentiality of customer data.

CVE-2024-28986: Broken Access Control Remote Code Execution

The first vulnerability, CVE-2024-28986, is a Broken Access Control Remote Code Execution vulnerability that could allow an attacker to run commands on the host machine. Although SolarWinds was unable to reproduce the vulnerability without authentication, the company has taken a proactive approach by releasing a patch to prevent potential exploitation. This vulnerability has been assigned a severity rating of Critical, with a CVSS score of 9.8.

CVE-2024-28987: Hardcoded Credential Vulnerability

The second vulnerability, CVE-2024-28987, is a Hardcoded Credential vulnerability that allows remote, unauthenticated users to access internal functionality and modify data. This vulnerability has been assigned a severity rating of Critical, with a CVSS score of 9.1. The hardcoded credential vulnerability was discovered by Zach Hanley, who reported the issue in a responsible manner and worked with SolarWinds’ security, product, and engineering teams to fix the vulnerability.

What’s Included in the Hotfix

According to SolarWinds, the hotfix includes several key fixes:

  • Resolving the SolarWinds Web Help Desk Hardcoded Credential vulnerability
  • Adding more patterns to fix an SSO issue
  • Restoring missing Upload Attachments, Cancel, and Save buttons in the client application
  • Including fixes from 12.8.3 Hotfix 1, which resolve the SolarWinds Web Help Desk Broken Access Control Remote Code Execution vulnerability
Sying Tien
