Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in SolarWinds Web Help Desk
Alerts

Critical Vulnerability in SolarWinds Web Help Desk

23 August 2024

SolarWinds has released a hotfix to address a critical vulnerability (CVE-2024-28987) affecting their Web Help Desk (WHD).

Successful exploitation of the vulnerability could allow a remote unauthenticated attacker to access internal functionality and modify data on targeted devices.

This vulnerability affects all versions of WHD up to 12.8.3 HF1.

Users and administrators of affected versions are advised to update their systems to WHD 12.8.3.1813 or 12.8.3 HF1 before deploying this hotfix. Users and administrators are also advised to create backups of all original files before replacing them during the hotfix installation process to avoid potential issues if the hotfix fails or not applied correctly.

More information is available here: 

https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2

https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987

https://nvd.nist.gov/vuln/detail/CVE-2024-28987

https://www.bleepingcomputer.com/news/security/solarwinds-fixes-hardcoded-credentials-flaw-in-web-help-desk/

Back to top