1.0 Introduction
Recently, a critical vulnerability has been discovered in SolarWinds Web Help Desk (WHD) software that could be exploited to gain unauthorized access to affected systems.
2.0 Impact
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive data within the SolarWinds Web Help Desk environment, modify or delete data, potentially disrupting operations or causing financial loss and use the compromised credentials to gain access to other systems within the organization’s network.
3.0 Affected Products
- SolarWinds Web Help Desk 12.8.3 HF1 and all previous versions
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the SolarWinds Web Help Desk Hardcoded Credential Vulnerability and apply the necessary updates.
Kindly refer to the following URL: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web: https://www.mycert.org.my
5.0 References