CVE-2024-28986 - SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-28986: SolarWinds | Web Help Desk

Date Added:
2024-08-15

Due Date:
2024-09-05

Vulnerability Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

Description: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986

Related News Articles

CISA Warns of Active Exploitation in SolarWinds Help Desk Software VulnerabilityOctober 16, 2024

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)September 25, 2024

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)August 23, 2024

Hardcoded Credential Vulnerability Found in SolarWinds Web Help DeskAugust 23, 2024

SolarWinds fixes hardcoded credentials flaw in Web Help DeskAugust 22, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard