PT-2024-7019 · SolarWinds · SolarWinds Web Help Desk
Guy Lederfein · Published 2024-10-15 · Updated 2026-03-15 · CVE-2024-28988
| Metric | Value |
| --- | --- |
| CVSS v2.0 | 10 |
| Severity | Critical |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2
Description
SolarWinds Web Help Desk is susceptible to a Java deserialization Remote Code Execution issue. Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary commands on the host machine. The vulnerability resides in the AjaxProxy component and involves improper deserialization of untrusted data. This flaw is actively exploited.
Recommendations
Apply the hotfix released by SolarWinds for versions prior to 12.8.3 Hotfix 2.
Fix
RCE
Deserialization of Untrusted Data
Affected Products
SolarWinds Web Help Desk