Mitigation Instructions for CVE-2024-28987
Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk
CyRisk Vulnerability Management Team : Oct 3, 2024 5:23:47 PM
Subject: Mitigating Vulnerability in Unsupported Drupal 8.x
Tech Stack: Drupal 8.x
Date(s) Issued:
Criticality:
Overview:
The vulnerability arises because Drupal 8.x has reached its end-of-life (EoL) and is no longer maintained or supported by its vendor. Lack of support implies that no new security patches are released for this version, leaving the platform exposed to any vulnerabilities discovered after the EoL date. This exposure means attackers can potentially exploit vulnerabilities with no available fixes, which may lead to severe consequences such as data breaches, site defacement, or full system compromise.
To mitigate this vulnerability, the following steps are recommended:
Upgrade to a Supported Version:
Backup the Current System:
Alternative Measures (If Upgrade Is Not Immediately Feasible):
Sanitize Input and Update Modules:
Network Segmentation:
Monitor the Environment:
Verification of Mitigation:
drush
).
Staying Updated:
Additional Resources:
Implementing these measures will significantly reduce the risk posed by the unsupported Drupal version and help maintain the security of your environment. Please proceed with these actions as a matter of urgency given the critical severity of the vulnerability.