Web Help Desk Hardcoded Credential Vulnerability

(CVE-2024-28987)

Summary

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Affected Products

WHD 12.8.3 HF1 and all previous versions

Fixed Software Release

12.8.3 HF2

Acknowledgments

Zach Hanley

Advisory Details

Severity

9.1 Critical

Advisory ID

CVE-2024-28987

First Published

08/22/2024

Fixed Version

12.8.3 HF2

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N