CVE-2024-28986 - SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Project: SolarWinds
Product: Web Help Desk
Date Added: 2024-08-15
Due Date: 2024-09-05
Vulnerability Name
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Description
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986
https://nvd.nist.gov/vuln/detail/CVE-2024-28986
Related News Articles
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability - October 16, 2024
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) - September 25, 2024
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) - August 23, 2024
Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk - August 23, 2024
SolarWinds fixes hardcoded credentials flaw in Web Help Desk - August 22, 2024