CVE-2024-28986

nvd nist nuclei

Published: Aug 13, 2024Modified: Oct 27, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@solarwinds.com (Secondary)

Description

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

Affected (2)

Products: Solarwinds: Web Help Desk

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Web Help Desk	Up to 12.8.2
Solarwinds Web Help Desk	Version 12.8.3

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

Source: psirt@solarwinds.com

Broken LinkVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986

Source: psirt@solarwinds.com

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.