CVE-2024-28986

Sažetak

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

Reference

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28986

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

27-10-2025 - 17:01

Objavljeno

13-08-2024 - 23:15