- Description
- The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SolarWinds Web Help Desk Hardcoded Credential Vulnerability
- Exploit added on
- Oct 15, 2024
- Exploit action due
- Nov 5, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- psirt@solarwinds.com
- CWE-798
- Hype score
- Not currently trending
🔴 #SolarWinds Web Help Desk Hardcoded Credential Vulnerability (#CVE-2024-28987) - Critical - Critical https://t.co/0agRKX9t3T
@dailycve
29 Nov 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ペネトレーションテストツールのMetasploit Frameworkが更新。RISC-Vへの対応、AD CS向けのSMB-to-HTTP(S)リレー攻撃、Python Execや深刻な脆弱性複数(SolarWinds Web Helop DesktopのCVE-2024-28987等)に対応するもの等の新規モジュール。 https://t.co/qdh8YRgdBW
@__kokumoto
12 Nov 2024
4600 Impressions
23 Retweets
95 Likes
34 Bookmarks
0 Replies
0 Quotes
Our latest @metasploit weekly wrap-up details multiple new modules including SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 to retrieve all tickets from the system. https://t.co/WFgEnhGTxx #infosec #cybersecurity
@Raj_Samani
11 Nov 2024
1411 Impressions
12 Retweets
23 Likes
2 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-28987
@transilienceai
30 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
29 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
25 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-47763 is getting exploited #inthewild. Find out more at https://t.co/DGlj86NDYu CVE-2024-45506 is getting exploited #inthewild. Find out more at https://t.co/CrRlKxpdFl CVE-2024-28987 is getting exploited #inthewild. Find out more at https://t.co/Ny6t3ci5XL
@inthewildio
23 Oct 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
23 Oct 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
20 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat Alert: SolarWinds Web Help Desk Hit With Critical RCE Flaw (CVE-2024-28988, CVSS 9.8) CVE-2024-28987 CVE-2024-28988 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/vN5DGQLY2C #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
19 Oct 2024
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
As a result of the investigation into the vulnerability CVE-2024-28987, which involves hardcoded credentials in SolarWinds Web Help Desk recently added to KEV, it has been found that out of 392 devices with externally accessible login screens, 76%, or 298 devices, have not yet…
@nekono_naha
1470 Impressions
6 Retweets
11 Likes
1 Bookmark
2 Replies
0 Quotes
🚨 Critical Cybersecurity Alert from CISA! 🚨 The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical vulnerability in SolarWinds Web Help Desk (WHD), tracked as CVE-2024-28987. This flaw has a CVSS score of 9.1 and poses a serious risk as it is… ht
@AladdinCyberae
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
برای SolarWinds Web Help Desk یا همان WHD آسیب پذیری با کد شناسایی CVE-2024-28987 منتشر شده است. این محصول توسط ۳۰۰ هزار کاربر در دنیا استفاده می شود . آسیب پذیری مربوطه به هکرها اجازه می دهد که بدون احراز هویت بتواند integrity دیتاها را تغییر دهند. https://t.co/Y2P1U3eX7Y https
@AmirHossein_sec
33 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets. Learn more: https://t.co/rAfJcYRIpD #infosec #cybersecurity
@MokraniMoustafa
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets. Learn more: https://t.co/CFeKwQ1zTj #infosec #cybersecurity
@TheHackersNews
12159 Impressions
52 Retweets
101 Likes
11 Bookmarks
2 Replies
0 Quotes
📌 وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) أعلنت عن ثغرة حرجة في برنامج SolarWinds Web Help Desk، المسجلة تحت الرقم CVE-2024-28987، والتي تعاني من كلمات مرور مشفرة. تم إضافتها إلى قائمة الثغرات المستغلة بنشاط، مع تخوفات من استغلالها. #الامن_السيبراني https://t.co/
@cyberetweet
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TheHackersNews: 💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets. Learn more: https://t.co/doPZx9ETDC #infosec #cybersecurity
@jvquantum
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💥 A critical flaw in SolarWinds Web Help Desk (CVE-2024-28987) has been actively exploited, and it involves hard-coded credentials that allow attackers to access sensitive help desk tickets. Learn more: https://t.co/YPrneieuBW
@Ind_Cyber_News
11 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-28987
@transilienceai
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA ALERT! CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability. It allows unauthenticated attackers to gain access and read or modify help desk tickets without authorization. This flaw can severely compromise data integrity and privacy. SolarWinds has… h
@Loginsoft_Inc
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
💥 تم استغلال ثغرة خطيرة في SolarWinds Web Help Desk (CVE-2024-28987) بشكل نشط، وهي تتضمن بيانات اعتماد مبرمجة مسبقًا تسمح للمهاجمين بالوصول إلى تذاكر خدمة المساعدة الحساسة. تعرف على المزيد: https://t.co/hdnnQKoTPH
@CERT_Arabic
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDE3AF89-F0D2-4F3C-9565-F6DEA8B2BAC7",
"versionEndExcluding": "12.8.3"
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23"
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8"
}
],
"operator": "OR"
}
]
}
]