CISA Known Exploited Vulnerability (KEV)
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
October 15, 2024
November 5, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
References
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-798 |
Use of Hard-coded Credentials |