🚨 𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟓𝟒𝟕𝟗𝟎: 𝐒𝐐𝐋 𝐢𝐧𝐣𝐞𝐜𝐭𝐢𝐨𝐧 𝐢𝐧 𝐏𝐇𝐏𝐆𝐮𝐫𝐮𝐤𝐮𝐥 𝐏𝐫𝐞-𝐒𝐜𝐡𝐨𝐨𝐥 𝐄𝐧𝐫𝐨𝐥𝐥𝐦𝐞𝐧𝐭 𝐒𝐲𝐬𝐭𝐞𝐦 𝐯𝟏.𝟎 CVE-2024-54790 is a critical SQL Injection vulnerability in PHPGurukul Pre-School Enrollment System v1.0, specifically affecting the `/index.php` endpoint. The flaw occurs because the `visittime` parameter is not properly sanitized, allowing attackers to inject malicious SQL input. As a result, attackers can manipulate queries to gain unauthorized database access, modify data, or, in severe cases, execute arbitrary commands. This vulnerability aligns with CWE-89, improper neutralization of special SQL elements. Instead of treating user input as data, the application integrates it directly into the query structure. When untrusted input is passed through the `visittime` parameter, the SQL logic can be altered to leak sensitive information, modify records, or disrupt database operations. 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧 𝐫𝐞𝐪𝐮𝐢𝐫𝐞𝐬 𝐭𝐡𝐞 𝐟𝐨𝐥𝐥𝐨𝐰𝐢𝐧𝐠 𝐜𝐨𝐧𝐝𝐢𝐭𝐢𝐨𝐧𝐬 - The application processes the `visittime` parameter directly in SQL queries without validation or escaping. - The `/index.php` endpoint is accessible remotely. - The database server processes the injected commands. Given these conditions, the vulnerability is relatively straightforward to exploit, especially using automated tools or crafted payloads. 𝐓𝐡𝐞 𝐫𝐢𝐬𝐤𝐬 𝐩𝐨𝐬𝐞𝐝 𝐛𝐲 𝐭𝐡𝐢𝐬 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐚𝐫𝐞 𝐬𝐢𝐠𝐧𝐢𝐟𝐢𝐜𝐚𝐧𝐭 - Attackers can retrieve sensitive data, such as credentials or personal records. - Unauthorized queries can modify, delete, or corrupt critical database information. - Malicious input can overload the database, causing service disruptions. This results in a CVSS score of 7.5 (High), impacting confidentiality, integrity, and availability. 𝐓𝐨 𝐚𝐝𝐝𝐫𝐞𝐬𝐬 𝐭𝐡𝐢𝐬 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 - Avoid embedding user input directly into SQL queries; validate and sanitize all inputs. - Use parameterized queries or prepared statements to separate input from query logic. - Upgrade to a secure version of PHPGurukul Pre-School Enrollment System once a patch is released. - Restrict database user permissions to limit the impact of unauthorized actions. - Deploy a Web Application Firewall (WAF) to detect and block SQL injection attempts in real-time. Stay vigilant! Source: https://lnkd.in/d8zhCpAN
CYBERNOE®,the first Secure by Design Assistant
Sécurité informatique et des réseaux
Functionality and security must coexist effectively!
À propos
CYBERNOE® is a Secure by Design assistant that enhances your capabilities, equipping you with security practices and knowledge, making application security an intuitive part of your development routine. We believe security should be an integral part of software development from the start. Functionality and security should coexist seamlessly, creating robust applications. We know the pressure developers face to create secure software. The fast pace of technology often makes security an afterthought. CYBERNOE® changes this by making security a default standard. We integrate security into the development environment, ensuring it’s as critical as functionality. `𝗖𝗬𝗕𝗘𝗥𝗡𝗢𝗘®, 𝘁𝗵𝗲 𝗳𝗶𝗿𝘀𝘁 𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 𝗔𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁`, 𝒊𝒔 𝒂 𝒑𝒓𝒐𝒅𝒖𝒄𝒕 𝒅𝒆𝒗𝒆𝒍𝒐𝒑𝒆𝒅 𝒂𝒏𝒅 𝒐𝒘𝒏𝒆𝒅 𝒃𝒚 𝗖𝗬𝗕𝗔𝗟𝗚𝗢𝗥𝗜𝗦, 𝒂 𝑭𝒓𝒂𝒏𝒄𝒆-𝒃𝒂𝒔𝒆𝒅 𝒄𝒐𝒎𝒑𝒂𝒏𝒚. ______________________________________________ CYBERNOE® est un assistant Secure by Design. Il renforce vos capacités, vous dotant de pratiques et de connaissances en matière de sécurité. La sécurité applicative devient une partie intuitive de votre routine de développement. Nous croyons que la sécurité doit être une partie intégrante du développement logiciel dès le début. Fonctionnalité et sécurité doivent coexister sans heurts, créant ainsi des applications robustes. Nous sommes conscients de la pression à laquelle les développeurs sont soumis pour produire des logiciels. Le rythme rapide des évolutions technologiques fait souvent de la sécurité une réflexion tardive. CYBERNOE® change cela en faisant de la sécurité un standard naturel. Nous intégrons la sécurité dans l'environnement de développement, en veillant à ce qu'elle soit aussi essentielle que la fonctionnalité. Faites de la sécurité une partie fondamentale de votre processus de développement avec `𝗖𝗬𝗕𝗘𝗥𝗡𝗢𝗘®, 𝗹𝗲 𝗽𝗿𝗲𝗺𝗶𝗲𝗿 𝗮𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁 𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻`.
- Site web
-
www.cybernoe.com
Lien externe pour CYBERNOE®,the first Secure by Design Assistant
- Secteur
- Sécurité informatique et des réseaux
- Taille de l’entreprise
- 11-50 employés
- Siège social
- France
- Type
- Société civile/Société commerciale/Autres types de sociétés
Lieux
-
Principal
France, FR
Employés chez CYBERNOE®,the first Secure by Design Assistant
Nouvelles
-
Are passwords still worth the risk ❓ Phishing attacks, data breaches, endless password resets… Is this really the best we can do for security? What if we didn’t rely on memorized secrets at all? Emerging methods like passkeys, hardware-based tokens and biometric checks promise stronger protection and smoother sign-ins. Will these approaches reshape the way we think about authentication? #cybersecurity #authentication #passwordless #digitalidentity #datasecurity #passkeys
-
🚨 𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟗𝟕𝟕𝟒: 𝐒𝐐𝐋 𝐢𝐧𝐣𝐞𝐜𝐭𝐢𝐨𝐧 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐩𝐲𝐭𝐡𝐨𝐧-𝐬𝐪𝐥 𝐄𝐱𝐩𝐫𝐞𝐬𝐬𝐢𝐨𝐧 𝐇𝐚𝐧𝐝𝐥𝐞𝐫 A critical SQL injection vulnerability has been identified in the python-sql library’s Expression Handler. The problem comes from improper handling of user-supplied input when processed through unary operators such as +, -, or NOT. The vulnerability allows attackers to manipulate SQL queries by injecting specially crafted input, risking the confidentiality, integrity and availability of the database. The python-sql library dynamically constructs SQL queries, enabling developers to build query components programmatically. In secure implementations, input passed into these components must be sanitized and escaped to prevent SQL injection. This vulnerability occurs because unary operators fail to escape special SQL characters when handling non-expression input, such as raw strings or untrusted variables. When developers incorporate user input into queries dynamically without proper sanitization, attackers can inject malicious SQL fragments to alter query logic. For example, instead of being treated as a simple condition, user input with special SQL syntax can introduce unintended commands, potentially leading to data exposure, unauthorized modifications, or destruction of database content. 𝐂𝐨𝐧𝐝𝐢𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧: - The application relies on python-sql to dynamically build SQL queries. - User input is inserted into queries without adequate validation or escaping. - The library processes this untrusted input in unary operators. Exploitation is straightforward once the flaw is identified in an application, as SQL injection is a well-understood and widely documented attack vector. Although no public exploit has been released, the vulnerability is classified as critical due to its ease of exploitation and the significant risks it poses. 𝐌𝐢𝐭𝐢𝐠𝐚𝐭𝐢𝐨𝐧 𝐬𝐭𝐞𝐩𝐬: - Avoid passing untrusted or raw user input directly into query components, especially when using unary operators. - Use parameterized queries or prepared statements to separate user input from the query structure. - Validate all input to ensure it adheres to expected formats and reject anything containing special SQL characters unless explicitly required. - Monitor the python-sql repository for security patches and update to a secure version as soon as it becomes available. - Audit existing codebases for unsafe query construction practices, particularly those involving user input and dynamic query building. Stay vigilant! Source: https://lnkd.in/d4UUG4qG
-
🚨 𝐈𝐧𝐭𝐞𝐫𝐂𝐄𝐑𝐓 𝐅𝐫𝐚𝐧𝐜𝐞 is calling for stronger 𝐥𝐞𝐠𝐚𝐥 𝐚𝐜𝐜𝐨𝐮𝐧𝐭𝐚𝐛𝐢𝐥𝐢𝐭𝐲 for software and hardware vendors whose products repeatedly fail, introducing vulnerabilities that disrupt businesses and harm organizations. While CERTs and IT teams bear the weight of cybersecurity incidents, 𝐯𝐞𝐧𝐝𝐨𝐫𝐬 𝐞𝐬𝐜𝐚𝐩𝐞 𝐫𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲, leaving their customers to deal with breaches, service outages and financial losses. The recent VPN failures exposed a harsh reality: vendors deliver flawed products, lack effective patches and prioritize profits over security. 𝐈𝐧𝐭𝐞𝐫𝐂𝐄𝐑𝐓 𝐅𝐫𝐚𝐧𝐜𝐞’𝐬 𝐦𝐞𝐬𝐬𝐚𝐠𝐞 𝐢𝐬 𝐜𝐥𝐞𝐚𝐫: a paradigm shift is needed. Vendors must be held responsible for their products' integrity and the damages they cause. 🔐⏳𝐓𝐡𝐞 𝐜𝐚𝐥𝐥 𝐟𝐨𝐫 𝐚𝐜𝐭𝐢𝐨𝐧 𝐢𝐬 𝐮𝐫𝐠𝐞𝐧𝐭. #cybersecurity #accountability #InterCERTFrance
InterCERT France calls for legal accountability
CYBERNOE®,the first Secure by Design Assistant sur LinkedIn
-
🚨 Prometheus vulnerabilities Prometheus, a frequently used open-source monitoring tool for systems like Kubernetes faces critical security risks, including information disclosure, Denial-of-Service (DoS) attacks and remote code execution through RepoJacking. These risks mainly arise from misconfigurations and publicly exposed components. -> Information disclosure in Prometheus servers and exporters Prometheus servers and exporters expose metrics endpoints to collect and store system data. By default, they do not enforce authentication. When publicly accessible, attackers can query endpoints like `/metrics` to retrieve sensitive data such as credentials, API keys, internal subdomains, Docker registries and backend paths. For instance, exposed Prometheus servers have leaked Docker registries, subdomains, and other internal details. Attackers can analyze these endpoints for secrets, potentially gaining unauthorized access to internal systems. -> Denial-of-Service Attacks via `/debug/pprof` Prometheus components, such as `prometheus/prometheus` and `node_exporter`, rely on the Go pprof package for debugging and performance profiling. The `/debug/pprof` endpoint, enabled by default, provides access to heap dumps, traces and profiling data. When exposed to the internet, this endpoint can be abused for DoS attacks. Repeated requests to endpoints like `/debug/pprof/heap?seconds={i} force` intensive profiling operations, consuming CPU and memory and leading to system instability or crashes. In cloud deployments, this can render hosts unresponsive and require reboots. In Kubernetes environments, the repeated crashing of pods consumes resources, degrades performance, and creates operational overhead. -> Remote code execution via RepoJacking Prometheus exporters, used to collect metrics from systems lacking native support for Prometheus, are often hosted in GitHub repositories referenced in official documentation. RepoJacking occurs when attackers take over abandoned or renamed repositories. If an exporter repository becomes available, attackers can recreate it with malicious code. Users deploying these exporters unknowingly execute malicious code on their systems. For example, exporters like AWS Cost Exporter and Nginx VTS Exporter have been linked to deleted or renamed accounts, leaving them vulnerable to takeover and exploitation. Mitigation - Enforce authentication and authorization for Prometheus servers and exporters to prevent unauthorized access. - Avoid exposing Prometheus components to the public internet; use VPNs or private networks for secure access. - Restrict or disable the /debug/pprof endpoint in production environments. - Apply CPU and memory resource limits to minimize the impact of potential DoS attacks. - Verify GitHub repository links before deploying exporters to ensure they are trusted and legitimate. Stay vigilant! Source: https://lnkd.in/df3N5aRH
-
🚨 𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟏𝟐𝟐𝟓𝟒: 𝐮𝐧𝐛𝐨𝐮𝐧𝐝𝐞𝐝 𝐦𝐞𝐦𝐨𝐫𝐲 𝐛𝐮𝐟𝐟𝐞𝐫𝐢𝐧𝐠 𝐢𝐧 𝐏𝐲𝐭𝐡𝐨𝐧’𝐬 𝐚𝐬𝐲𝐧𝐜𝐢𝐨 𝐦𝐨𝐝𝐮𝐥𝐞 A critical vulnerability, CVE-2024-12254, has been identified in Python’s asyncio module, specifically within the `_SelectorSocketTransport.writelines()` method. This problem affects Python 3.12.0 and later running on macOS and Linux systems. It can lead to uncontrolled memory consumption, potentially causing system memory exhaustion under certain conditions. In Python's `asyncio` framework, the `_SelectorSocketTransport.writelines()` method is responsible for handling buffered writes over socket-based transports. To manage memory efficiently, the high-water mark is used as a threshold: when the write buffer size grows beyond this mark, the system pauses further writes and signals the associated protocol to drain the buffer. In Python 3.12.0 and later, a regression in the method prevents it from properly pausing the writes when the buffer exceeds the high-water mark. This oversight disables the expected flow control mechanism, which means: The write buffer continues to grow unchecked if large or continuous writes are made. Protocols relying on the high-water mark to regulate memory usage never receive the pause signal. As the buffer expands indefinitely, memory usage skyrockets, leading to memory exhaustion or system instability. The vulnerability only manifests under specific circumstances: -> the Python version is 3.12.0 or later; -> the system is running on macOS or Linux; -> the application actively uses the `asyncio` module. -> the code employs the _SelectorSocketTransport.writelines() method, which was updated in Python 3.12.0 to introduce a zero-copy-on-write behavior. Applications that do not meet all of the above conditions are unaffected. When the flow control fails, memory usage grows unbounded, exhausting system resources. Applications that handle large or continuous data streams via asyncio are particularly vulnerable. This can cause significant disruption, including application crashes and degraded system performance. Severity and classification -> CWE-400: uncontrolled Resource Consumption. -> CWE-770: allocation of Resources Without Limits or Throttling. -> CVSS Score: 8.7 (High Severity) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability can be remotely triggered under the described conditions, though the attack requires user interaction (for example initiating data writes via `asyncio`). To address CVE-2024-12254, apply the following measures: --> Update to the latest patched version (3.12.1 or higher) as soon as it becomes available. --> If upgrading is not possible, avoid using the `.writelines()` method in `asyncio` and use alternative methods for buffered writes. --> Use system-level memory limits or monitoring tools to detect and mitigate unexpected memory consumption. Stay vigilant! Source: https://lnkd.in/dK5iBCgb
-
CYBERNOE®,the first Secure by Design Assistant a republié ceci
🔐 Nous sommes heureux d'annoncer que 𝐂𝐘𝐁𝐀𝐋𝐆𝐎𝐑𝐈𝐒 soutient la 𝐖𝐨𝐦𝐞𝐧𝟒𝐂𝐲𝐛𝐞𝐫 𝐃𝐞𝐜𝐥𝐚𝐫𝐚𝐭𝐢𝐨𝐧, renforçant ainsi notre engagement à promouvoir la diversité et l'inclusion dans le secteur de la cybersécurité. Nous croyons fermement qu'une main-d'œuvre diversifiée améliore la collaboration, la productivité et l'innovation, permettant d’affronter plus efficacement les menaces cyber complexes. En soutenant cette initiative, nous aspirons à servir la promotion de la diversité des genres, renforçant ainsi la résilience de la main-d'œuvre en cybersécurité à travers l'Europe et au-delà. Nous adressons nos sincères félicitations à la Women4Cyber Foundation et à ses 𝟑𝟎 𝐜𝐡𝐚𝐩𝐢𝐭𝐫𝐞𝐬 𝐧𝐚𝐭𝐢𝐨𝐧𝐚𝐮𝐱 pour leurs efforts inlassables en faveur de l'inclusion et de la diversité. Nous encourageons d'autres acteurs à se joindre à ce mouvement pour une communauté de la cybersécurité plus inclusive et robuste. Soutenir la 𝐖𝐨𝐦𝐞𝐧𝟒𝐂𝐲𝐛𝐞𝐫 𝐃𝐞𝐜𝐥𝐚𝐫𝐚𝐭𝐢𝐨𝐧 est une réelle avancée dans cette direction. Pour en savoir plus et soutenir la Déclaration : https://lnkd.in/gqMWqAMs #Women4Cyber #cybersecurite #inclusion #diversite
Women4Cyber Declaration - Women4Cyber
https://women4cyber.eu
-
🚨 Apache Superset vulnerabilities Apache Superset has released version 4.1.0 to address three critical vulnerabilities: CVE-2024-53947 (SQL Injection), CVE-2024-53948 (Metadata Exposure), and CVE-2024-53949 (Authorization Bypass). These flaws can lead to unauthorized access, data leaks and privilege escalation, impacting Superset’s security controls. -> CVE-2024-53947 happen due to improper SQL authorization checks. In affected versions, Superset fails to block certain PostgreSQL functions `query_to_xml_and_xmlschema`, `table_to_xml` and `table_to_xml_and_xmlschema`. These functions allow attackers to execute arbitrary SQL queries, bypassing Superset’s security mechanisms. By crafting queries that invoke these functions, an attacker can retrieve database table metadata, access restricted information, or manipulate data. This vulnerability highlights a lack of validation for engine-specific SQL functions, exposing Superset to SQL injection attacks. -> CVE-2024-53948 exposes sensitive metadata through verbose error messages. When a query fails, Superset generates detailed errors that may include database-specific details such as table names, column structures, or schema information. For instance, error messages revealing the existence of specific database tables provide attackers with insights into the database structure. This information can be leveraged to plan further attacks, such as targeted SQL injections or privilege exploitation. The problem comes from Superset’s failure to restrict error verbosity in query handling, which unnecessarily exposes sensitive metadata to end users. -> CVE-2024-53949 occurs when the FAB_ADD_SECURITY_API configuration is enabled. This API, which allows role and permission management, fails to restrict access for lower-privileged users. In vulnerable versions, attackers can exploit the API to create new roles, assign elevated privileges, and gain unauthorized access to sensitive functionalities. While this API is disabled by default, enabling it without proper restrictions creates a critical security risk by bypassing Superset’s access controls. To protect Apache Superset deployments: - Upgrade to version 4.1.0, which addresses all three vulnerabilities. - For CVE-2024-53947, manually add the vulnerable PostgreSQL functions to the DISALLOWED_SQL_FUNCTIONS configuration if upgrading is not immediately possible. - Disable FAB_ADD_SECURITY_API unless explicitly required to prevent unauthorized privilege escalation. - Avoid exposing detailed database error messages to end users. Stay vigilant! Source: https://lnkd.in/dy-AHG_W https://lnkd.in/d7mqapnX https://lnkd.in/dZUwsfN3
-
🚨 Vulnerabilities in SAP products SAP's enterprise solutions are integral to many organizations, but vulnerabilities in these systems can lead to significant security risks. Recent advisories have identified multiple weaknesses across products like BusinessObjects, NetWeaver, Commerce Cloud and Web Dispatcher. These include Cross-Site Scripting (XSS), security policy bypasses and data confidentiality breaches. -> Cross-Site Scripting (XSS) in SAP Systems happen when user inputs are not properly sanitized or escaped before being reflected in a browser response. For example, a search query or URL parameter that accepts and returns user input directly into an HTML or JavaScript response enables attackers to inject malicious payloads. If input like <script>alert('XSS')</script> is accepted, the browser executes the script, leading to actions such as stealing cookies or hijacking sessions. This type of vulnerability impacts components like SAP NetWeaver AS for ABAP, Web Dispatcher and NetWeaver AS JAVA. -> Security policy bypass arises when authentication or authorization controls are improperly implemented. Attackers can exploit weak or hardcoded access policies, missing role-based validation, or misconfigured endpoints. In components such as SAP NetWeaver Administrator and BusinessObjects BI Platform, this allows unauthorized actions, including gaining administrative privileges. The issue stems from flaws in the access control logic within backend services, enabling attackers to circumvent intended restrictions. -> Data confidentiality breaches occur due to insecure access controls, weak encryption, or improper data storage. Vulnerabilities in products like SAP Commerce Cloud or HCM enable attackers to access exposed API services, exploit misconfigured storage permissions, or intercept unencrypted data. For example, outdated cryptographic configurations in NetWeaver Application Server ABAP can expose sensitive information to interception. Across SAP products, these vulnerabilities often stem from four common causes: improper input sanitization, weak session controls, missing access validation and outdated or unpatched components. Failure to validate and sanitize inputs leads to XSS attacks, while inadequate role management and misconfigured permissions allow attackers unauthorized access to sensitive functionalities. Systems lacking critical patches remain exposed to known exploits. Mitigation steps: - Update all affected SAP products with the latest security patches. - Validate and sanitize user inputs to block malicious scripts or characters. - Enforce role-based access controls with proper validation. - Use strong cryptographic protocols for data security. - Secure endpoints and disable unnecessary services. - Perform code reviews, penetration testing and vulnerability scan. Stay vigilant! Source: https://lnkd.in/dm8jAtyH
-
🚨 CVE-2024-45709: path traversal vulnerability in SolarWinds Web Help Desk on Linux SolarWinds Web Help Desk (WHD) versions up to 12.8.3 HF3 on Linux are affected by a path traversal vulnerability. The vulnerability is caused by improper input sanitization when handling file paths in WHD's development/test components. External input is used to construct file paths without properly neutralizing special path elements like `../ `. These special sequences allow the attacker to traverse outside the intended directory and access restricted files. When the Web Help Desk runs in non-default development/test mode on Linux: -> The software does not validate file paths constructed from user-supplied input. -> By manipulating the input, an attacker can send requests containing traversal sequences, such as `../../../`, to escape the intended directory. -> This allows unauthorized reading of sensitive files, such as configuration files, credentials, or system logs, depending on the permissions of the WHD process. The vulnerability affects only the Linux deployment and requires the software to operate in a testing configuration. Production systems using default configurations are not exposed to this flaw. This vulnerability is classified as CWE-22, which involves improper limitation of a path name to a restricted directory, commonly known as path traversal. It has a CVSS score of 5.3, indicating medium severity. The attack vector is described as CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N, meaning the attack can be initiated remotely, but it requires user interaction and specific non-default configurations, making exploitation more difficult. While no public exploit is currently available, the vulnerability remains remotely triggerable under the outlined conditions. Exploitation of this vulnerability can result in unauthorized access to sensitive local files on the server. The impact is limited to confidentiality, the flaw does not affect the system's integrity or availability. To address this vulnerability, follow these measures: - Upgrade to SolarWinds Web Help Desk version 12.8.4 or later, which resolves the path traversal issue. - Disable development/test mode on production systems. Ensure the software runs with default configurations. - Restrict network access to the WHD service. Only trusted IP addresses should have access to the system. - Implement file system permissions to ensure the WHD process has minimal access to sensitive directories and files. - Monitor and log file access requests to detect unusual or unauthorized attempts to read files on the server. Stay vigilant! Source: https://lnkd.in/dbEtgdAp