{"id":356,"date":"2025-09-28T17:58:41","date_gmt":"2025-09-28T17:58:41","guid":{"rendered":"https:\/\/aldomonges.com\/aldomonges\/?p=356"},"modified":"2025-09-28T17:58:41","modified_gmt":"2025-09-28T17:58:41","slug":"vulnerabilidad-en-productos-solarwinds","status":"publish","type":"post","link":"https:\/\/aldomonges.com\/aldomonges\/?p=356","title":{"rendered":"Vulnerabilidad en productos SolarWinds"},"content":{"rendered":"<p>Se ha descubierto una vulnerabilidad de severidad cr\u00edtica en productos SolarWinds. Un actor malicioso podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo.<\/p>\n<p><strong>Productos afectados<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>SolarWinds Web Help Desk, versiones anteriores a 12.8.7.<\/li>\n<\/ul>\n<p><strong>Impacto<\/strong><\/p>\n<p><strong>La vulnerabilidad se ha identificado como:<br \/>\n<\/strong><br \/>\n<strong>CVE-2025-26399:<\/strong>\u00a0con una puntuaci\u00f3n de 9.8 en CVSS v3.1. Existe una vulnerabilidad de deserializaci\u00f3n no autenticada en el componente AjaxProxy de SolarWinds Web Help Desk. Un actor malicioso no autenticado podr\u00eda enviar solicitudes manipuladas y lograr la ejecuci\u00f3n remota de c\u00f3digo en el sistema afectado.<\/p>\n<p><strong>Recomendaci\u00f3n<\/strong><\/p>\n<p>Actualizar a la \u00faltima versi\u00f3n disponible a trav\u00e9s del sitio web oficial del fabricante.<\/p>\n<p><strong>Referencias<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-26399<\/li>\n<li>https:\/\/documentation.solarwinds.com\/en\/success_center\/whd\/content\/release_notes\/whd_12-8-7-hotfix-1_release_notes.htm<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Se ha descubierto una vulnerabilidad de severidad cr\u00edtica en productos SolarWinds. Un actor malicioso podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo. Productos afectados SolarWinds Web [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":357,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-356","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seguridad-informatica"],"jetpack_featured_media_url":"https:\/\/www.logo.wine\/a\/logo\/SolarWinds\/SolarWinds-Logo.wine.svg","_links":{"self":[{"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/posts\/356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=356"}],"version-history":[{"count":1,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/posts\/356\/revisions"}],"predecessor-version":[{"id":358,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/posts\/356\/revisions\/358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=\/wp\/v2\/media\/357"}],"wp:attachment":[{"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aldomonges.com\/aldomonges\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}