CVE-2024-28987

CRITICAL CISA KEV

CVSS v3

9.1

CRITICAL

EPSS Score

—

exploit probability

CISA KEV

Yes

known exploited

Exploitation

—

SSVC status

Description

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

CISA Known Exploited Vulnerability

Date Added: 10/15/2024
Patch Due Date: 11/5/2024
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Technical Details

CVSS v3 Vector: 3.1
Published: 8/21/2024
Last Modified: 10/27/2025

Frequently Asked Questions

What is CVE-2024-28987?

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

Is CVE-2024-28987 actively exploited?

Yes. CVE-2024-28987 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 11/5/2024.

What is the CVSS score for CVE-2024-28987?

CVE-2024-28987 has a CVSS v3 base score of 9.1 (CRITICAL severity), with vector string 3.1.

Is CVE-2024-28987 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database