PT-2024-5815 · Solarwinds · Solarwinds Web Help Desk
Zach Hanley · Published 2024-08-21 · Updated 2026-01-22 · CVE-2024-28987
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2
Description
SolarWinds Web Help Desk contains hard-coded credentials that allow remote, unauthenticated users to access internal functionality and modify data, including access to sensitive help desk tickets, potentially leading to severe security breaches. The vulnerability has been actively exploited. Approximately 827 instances of SolarWinds Web Help Desk are reachable on the internet, and 76% of devices with externally accessible login screens are not yet patched.
Recommendations
To resolve the issue, update to version 12.8.3 Hotfix 2 or later. If the patch has not already been applied, install it manually to prevent unauthorized access and data modification. As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Solarwinds Web Help Desk