CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-28987

CVSS 9.1v3.1pub. 2024-08-21upd. 2025-10-27

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Solarwinds Web Help Desk

    APP
    Solarwinds
    12.8.3< 12.8.3

CISA KEV — detailsi

Vendori
SolarWinds
Producti
Web Help Desk
Added to KEVi
October 15, 2024
Remediation deadline (US Federal)i
November 5, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 5 listopada 2024
CWE
References

Related vulnerabilities

CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia

CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)

CVE-2024-28986CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez Java Deserialization w SolarWinds Web Help Desk

CVE-2025-40552CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2025-40553CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — zdalne wykonanie kodu przez niebezpieczną deserializację