PT-2024-7019 · SolarWinds · SolarWinds Web Help Desk

Guy Lederfein · Published 2024-10-15 · Updated 2025-09-27 · CVE-2024-28988

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2

**Description**

SolarWinds Web Help Desk is susceptible to a Java deserialization Remote Code Execution issue. Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary commands on the host machine. The vulnerability resides in the AjaxProxy component and involves the deserialization of untrusted data. This flaw is actively exploited.

**Recommendations**

Apply the hotfix released by SolarWinds for Web Help Desk.

Fix

RCE

Deserialization of Untrusted Data

**Weakness Enumeration**

**Related Identifiers**

BDU:2024-08272
CVE-2024-28988
ZDI-25-407

**Affected Products**

SolarWinds Web Help Desk