CVE-2024-28987 is a vulnerability classified under CWE-798, indicating the use of hard-coded credentials within the SolarWinds Web Help Desk (WHD) software. This vulnerability affects versions up to and including 12.8.3 Hotfix 1. The presence of hard-coded credentials means that an attacker can remotely connect to the WHD application without any authentication or user interaction and gain unauthorized access to internal functionalities. This access allows the attacker to modify data within the system, potentially leading to data integrity violations and unauthorized changes to IT service management records. The vulnerability is remotely exploitable over the network (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects the confidentiality and integrity of the system (C:H/I:H/A:N), resulting in a CVSS 3.1 base score of 9.1, which is considered critical. The vulnerability was publicly disclosed on August 21, 2024, with no known exploits in the wild at the time of publication. SolarWinds WHD is widely used by enterprises for IT service management, making this vulnerability particularly impactful. The lack of a patch at the time of disclosure necessitates immediate attention to mitigating exposure and monitoring for updates from SolarWinds.

For European organizations, the impact of CVE-2024-28987 is significant due to the widespread use of SolarWinds Web Help Desk in managing IT service operations. Exploitation can lead to unauthorized access to sensitive internal data, manipulation of service tickets, and potential disruption of IT support workflows. This compromises the confidentiality and integrity of organizational data and may facilitate further lateral movement within networks. Critical sectors such as finance, healthcare, government, and telecommunications that rely on SolarWinds WHD for operational continuity face increased risk of data breaches and operational disruptions. The vulnerability's remote and unauthenticated nature increases the attack surface, especially for organizations exposing WHD interfaces to external or less trusted networks. The absence of known exploits currently provides a window for proactive defense, but the critical severity score underscores the urgency of mitigation to prevent potential exploitation.

1. Monitor SolarWinds communications closely for the release of an official patch addressing CVE-2024-28987 and apply it immediately upon availability. 2. Until a patch is available, restrict network access to the SolarWinds WHD application by implementing network segmentation and firewall rules to limit access only to trusted internal IP addresses. 3. Employ Web Application Firewalls (WAFs) to detect and block suspicious requests targeting the WHD interface. 4. Conduct thorough audits of existing WHD user accounts and logs to detect any unauthorized access or anomalous activities. 5. If possible, disable or remove the vulnerable WHD instance temporarily or migrate critical ITSM functions to alternative platforms. 6. Implement strict monitoring and alerting on the WHD server for unusual access patterns or configuration changes. 7. Educate IT staff about the vulnerability and ensure incident response plans include scenarios involving WHD compromise. 8. Review and harden the overall ITSM infrastructure to reduce the risk of lateral movement following a potential breach.