heise PlusAbo
Anzeige

Security patch for SolarWinds Web Help Desk fixed again

Apparently the SolarWinds developers can't get a security hole in Web Help Desk under control. Does it work now?

listen Print view
A symbolic update button.

(Image: Photon photo/Shutterstock.com)

1 min. read
Security
By

The support ticket management software Web Help Desk (WHD) from SolarWinds has been vulnerable for around a year despite several security patches. Now there is another update. It is not yet known whether there have been any attacks meanwhile.

Final patch?

In the release notes for WHD 12.8.7 hotfix 1, the developers state that they have closed a “critical” vulnerability (CVE-2025-26399). According to the description, it affects the AjaxProxy component. This is where attackers can launch malicious code attacks without authentication to compromise host systems.

The developers state that the current security patch should now finally close the gap. The vulnerability has been known for around a year (CVE-2024-28986, CVE-2024-28988). According to the developers, the previous security patches could be bypassed.

Videos by heise

In a warning message, they describe how admins can update their instances

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten