PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Proof-of-concept exploit code for CVE-2024-28987, a vulnerability in SolarWinds’ Web Help Desk, is now public, allowing attackers to access and modify help desk tickets. Developers traced the flaw back to hardcoded login credentials. Despite a hotfix released a month ago, there are still potentially vulnerable instances of the software online. This puts sensitive IT procedure information at risk as attackers actively exploit this and another recently patched SolarWinds flaw.