Security News > 2024 > August > SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
2024-08-15 13:19
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
News URL
https://thehackernews.com/2024/08/solarwinds-releases-patch-for-critical.html
Related news
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (source)
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- SolarWinds fixes 8 critical bugs in access rights audit software (source)
- SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |