**Name of the Vulnerable Software and Affected Versions**

SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2

**Description**

SolarWinds Web Help Desk is susceptible to a Java deserialization remote code execution issue. Exploitation of this issue could allow an attacker to execute arbitrary commands on the host machine. The vulnerability is reported as being actively exploited. While initially reported as unauthenticated, SolarWinds has been unable to reproduce it without authentication after thorough testing. There have been reports of approximately 812 exposed instances globally, with 527 located in the United States. The **API endpoints** are not explicitly mentioned in the provided data. The vulnerability stems from improper handling of deserialization of untrusted data.

**Recommendations**

Update SolarWinds Web Help Desk to version 12.8.3 Hotfix 2 or later.

Audit all admin accounts on SolarWinds Web Help Desk.

Ensure backups of critical data are up-to-date.