CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Configurations

Configuration 1

OR cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*

History

16 Aug 2024, 15:04

Type Values Removed Values Added
CPE cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*
First Time Solarwinds web Help Desk
Solarwinds
References () https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 - () https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 - Vendor Advisory
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 - () https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 - Vendor Advisory

14 Aug 2024, 17:15

Type Values Removed Values Added
Summary (en) SolarWinds Web Help Desk was susceptible to a Java Deserialization Remote Code Execution that would allow access to run commands on the host machine. (en) SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

14 Aug 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Se descubrió que SolarWinds Web Help Desk era susceptible a una vulnerabilidad de ejecución remota de código de deserialización de Java que, si se explota, permitiría a un atacante ejecutar comandos en la máquina host. Si bien se informó como una vulnerabilidad no autenticada, SolarWinds no pudo reproducirla sin autenticación después de pruebas exhaustivas. Sin embargo, por precaución, recomendamos a todos los clientes de Web Help Desk que apliquen el parche, que ya está disponible.
Summary (en) SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. (en) SolarWinds Web Help Desk was susceptible to a Java Deserialization Remote Code Execution that would allow access to run commands on the host machine.

14 Aug 2024, 00:15

Type Values Removed Values Added
Summary (en) SolarWinds Web Help Desk was susceptible to a Java Deserialization Remote Code Execution that would allow access to run commands on the host machine. (en) SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

13 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 23:15

Updated : 2024-08-16 15:04


NVD link : CVE-2024-28986

Mitre link : CVE-2024-28986

CVE.ORG link : CVE-2024-28986


Products Affected

solarwinds

  • web_help_desk
CWE
CWE-502

Deserialization of Untrusted Data