CISA KEV 정보
| 취약점명 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability |
|---|---|
| 설명 | SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-798 |
| 등록일 (KEV) | 2024-10-15 |
| 조치 기한 | 2024-11-05 |
| 추가 참고 | https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987 |
NVD 상세 정보
CVSS v3.1: 9.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N설명: The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CWE: CWE-798
참조
- https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 [Release Notes]
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 [Vendor Advisory]
- https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/ [Press/Media Coverage, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.