CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
BleepingComputer /
npub1j7…v7hg2
2024-10-16 19:53:44
Author Public Key
npub1j7dz37jrwqhehe8ydzpk5kcjpnzzv53h7s54lj62nv5w9fcar34suv7hg2Published at
2024-10-16 19:53:44Event JSON
{
"id": "c72c4e0bdb2540c86c7ff2e14a7f69fe51999af0f78797aa3ff478316a05a4ef",
"pubkey": "979a28fa43702f9be4e468836a5b120cc4265237f4295fcb4a9b28e2a71d1c6b",
"created_at": 1729108424,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/113318849683104965",
"activitypub"
]
],
"content": "CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024.\n\nhttps://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/",
"sig": "61fa30cd1586664658ba71a531657bfe04d47cf7c66adc48f56e03b96460a00933fedf5cd1bd3609a220e52e24de5ec2996766b1858cfdc24ff50653bf2d95ab"
}