Overview
- Description
- SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Aug 15, 2024
- Exploit action due
- Sep 5, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
- psirt@solarwinds.com
- CWE-502
Social media
Actively exploited CVE : CVE-2024-28986
@transilienceai
25 Oct 2024
Threat Alert: SolarWinds critical hardcoded credential bug under active exploit CVE-2024-28986 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/xYnSoa6BNQ #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5426A720-F345-4C8E-B5B5-76639D447A6D",
            "versionEndIncluding": "12.8.2"
          },
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]