The US cybersecurity agency CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks. The flaw is described as a hardcoded credential issue that allows remote, unauthenticated attackers to access internal WHD functionality and modify data. On October 15, SolarWinds announced the release of WHD 12.8.3 Hotfix 3, which includes the patches from the first two hotfixes and CISA added the vulnerability to its KEV list, urging federal agencies to address it as soon as possible.

Read more: https://www.securityweek.com/organizations-warned-of-exploited-solarwinds-web-help-desk-vulnerability/