Critical SolarWinds Web Help Desk Flaw Actively Exploited

A zero‑day vulnerability in SolarWinds Web Help Desk (WHD) is being probed in the wild. The flaw allows unauthenticated attackers to inject and execute arbitrary code on the WHD server, potentially compromising the ticketing system and any remote support sessions that rely on it.

Because WHD is widely deployed for IT service management, an exploited instance can give threat actors footholds inside corporate networks, facilitate lateral movement, and exfiltrate sensitive ticket data. Defenders should prioritize patching or applying vendor‑provided mitigations immediately, monitor for unusual WHD processes or network traffic, and enforce strict network segmentation for WHD servers.

Categories: Vulnerabilities & Exploits, Threat Intelligence, IAM

Source: Read original article