CVE-2024-28986

CVSS V2 None CVSS V3 None

Description

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

Overview

CVE ID
CVE-2024-28986

Assigner
SolarWinds

Vulnerability Status
PUBLISHED

Published Version
2024-08-13T22:06:45.234Z

Last Modified Date
2024-08-13T23:18:06.145Z

Weakness Enumerations

CWE	URL
CWE-502	http://cwe.mitre.org/data/definitions/502.html

References

Reference URL	Reference Tags
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-28986
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28986

History

Created	Old Value	New Value	Data Type	Notes
2024-08-14 13:12:54				Added to TrackCVE