CVE-2024-28986: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE ID

CVE-2024-28986

Vulnerability Name

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

• Project: SolarWinds
• Product: Web Help Desk

Date

• Date Added: 2024-08-15
• Due Date: 2024-09-05

Description

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986

Related Security News

• SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
• SolarWinds releases third patch to fix Web Help Desk RCE bug
• CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
• PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
• Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
• Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
• SolarWinds fixes hardcoded credentials flaw in Web Help Desk
• CISA warns critical SolarWinds RCE bug is exploited in attacks
• SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
• Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List