SolarWinds Archives - Security Affairs

Pierluigi Paganini September 16, 2024

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 […]

Pierluigi Paganini August 22, 2024

SolarWinds fixed a hardcoded credential issue in Web Help Desk

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software that could allow attackers to gain unauthorized access to vulnerable instances. SolarWinds has addressed a new security flaw, tracked as CVE-2024-28987 (CVSS score of 9.1) in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to […]

Pierluigi Paganini August 14, 2024

SolarWinds addressed a critical RCE in all Web Help Desk versions

SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solution for customer support. SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to […]

Pierluigi Paganini June 07, 2024

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as […]

Pierluigi Paganini February 19, 2024

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

SolarWinds addressed three critical vulnerabilities in its Access Rights Manager (ARM) solution, including two RCE bugs. SolarWinds has fixed several Remote Code Execution (RCE) vulnerabilities in its Access Rights Manager (ARM) solution. Access Rights Manager (ARM) is a software solution designed to assist organizations in managing and monitoring access rights and permissions within their IT […]

Pierluigi Paganini October 23, 2023

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. SolarWinds Access Rights Manager (ARM) is a software solution developed by IT management and monitoring software provider SolarWinds, it was designed to help organizations […]

Pierluigi Paganini March 17, 2022

SolarWinds Warns of Attacks Targeting Web Help Desk Users

SolarWinds warns customers of potential cyberattacks targeting unpatched installs of its Web Help Desk (WHD) product. SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD) installs. The WHD is described by SolarWinds as an affordable Help Desk Ticketing and Asset Management Software. SolarWinds declared […]

Pierluigi Paganini January 20, 2022

Threat actors attempted to exploit SolarWinds Serv-U bug in attacks in the wild, Microsoft warns

Security vendor SolarWinds has fixed a Serv-U vulnerability that threat actors attempted to exploit in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The company pointed out that all the attack attempts failed. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security […]

Pierluigi Paganini November 09, 2021

Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack

The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware. The flaw is a remote code execution vulnerability that […]

Pierluigi Paganini September 03, 2021

Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation

SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. Microsoft, which investigated the incidents, […]

SolarWinds

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

SolarWinds fixed a hardcoded credential issue in Web Help Desk

SolarWinds addressed a critical RCE in all Web Help Desk versions

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

SolarWinds Warns of Attacks Targeting Web Help Desk Users

Threat actors attempted to exploit SolarWinds Serv-U bug in attacks in the wild, Microsoft warns

Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack

Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Dahua Camera flaws allow remote hacking. Update firmware now

Researchers released a decryptor for the FunkSec ransomware

Apple fixed a zero-day exploited in attacks against Google Chrome users

PyPI maintainers alert users to email verification phishing attack

QUICK LINKS

SolarWinds

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!