SolarWinds has released an update to a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.
The vulnerability tracked as CVE-2024-28987 resided in SolarWinds WHD, which is an affordable Help Desk Ticketing and Asset Management Software that is widely used by large enterprises and government organizations.
The issue affects WHD 12.8.3 HF1 and all previous versions and was addressed with the release 12.8.3 HF2 and was discovered by the security researcher Zach Hanley from Horizon3.ai.
Additional details about CVE-2024-28987 are expected to be released soon, making it crucial that the updates are installed in a timely manner to mitigate potential threats
Last week, the U.S. CISA added another SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as CVE-2024-28986, to its KEV catalog Considering the criticality, this new bug is also expected to be added to KEV Catalog soon.
