SolarWinds has identified a critical security flaw in its Web Help Desk (WHD) software, leading to the release of necessary patches to prevent unauthorized access from remote unauthenticated users.
According to a recent advisory, the discovered vulnerability, known as CVE-2024-28987, allows remote attackers to compromise internal security and manipulate data, posing a significant risk with a CVSS score of 9.1.
The flaw was detected and reported by security researcher Zach Hanley from Horizon3.ai.
Users are urged to update their WHD software to version 12.8.3 Hotfix 2, with compatibility requirements for Web Help Desk 12.8.3.1813 or 12.8.3 HF1.
This development follows SolarWinds’ recent efforts to address another critical vulnerability (CVE-2024-28986, CVSS score: 9.8) in the same software that could be exploited to execute arbitrary code.
While the latest flaw is actively being exploited, details regarding its real-world impact are yet to be fully understood, emphasizing the importance of timely security updates.
More information on CVE-2024-28987 is anticipated to be disclosed next month, underscoring the urgency for users to prioritize installing the updates to mitigate potential risks.