Despite the availability of fixes, a critical flaw in SolarWinds allowing remote access to sensitive credentials in its Web Help Desk (WHD) product has been actively exploited, labeled CVE-2024-28987 and listed in the known exploited vulnerabilities catalog by CISA. This flaw poses significant risks to federal enterprises. The vulnerability was hot-fixed in August but has been targeted by malicious cyber actors, impacting critical industries like healthcare, government, and financial services
This incident marks the second time a critical flaw in SolarWinds WHD has been exploited, with the company facing challenges following a supply-chain attack in 2020. The lack of specific details on the exploitation techniques raises concerns about the security of patched SolarWinds instances. ```https://www.csoonline.com/article/3567911/critical-solarwinds-flaw-finds-exploitations-in-the-wild-despite-available-fixes.html