CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.

Exploitation of CVE-2024-28987 makes this the second time a critical flaw in SolarWinds WHD was exploited in the wild. Fixed days before CVE-2024-28987, another critical WHD bug (CVE-2024-28986) with a CVSS score of 9.8 out of 10 had reportedly allowed attackers to perform remote code execution (RCE) on vulnerable instances.

No word yet on scope of attacks A critical, hardcoded credential bug in SolarWinds' Web Help Desk products has been found and exploited by criminals, according to the US Cybersecurity and Infrastructure Security Agency,

A critical vulnerability in a SolarWinds product is being abused in the wild, and now US government agencies have a deadline to patch it or lose it. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-28987 to its Known Exploited Vulnerabilities (KEV) catalog.

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities ( KEV) catalog,