SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)

SolarWinds Web Help Desk has been identified as vulnerable to a Java deserialization remote code execution vulnerability, tracked as CVE-2024-28986. The vulnerability has been given a critical severity rating and a CVSS score of 9.8. Successful exploitation may allow an attacker to execute commands on the target system.

The advisory states that “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.”

A Java deserialization vulnerability is a security flaw that arises when a Java application deserializes data from an untrusted source. During deserialization, a stream of bytes is transformed back into an object that the application can use, so an attacker who controls that byte stream also influences which objects are created and how they are initialized.
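The unsafe pattern behind this class of flaw next to its hardened form, as an added example that is not SolarWinds or Web Help Desk code: TicketNote is a hypothetical type standing in for whatever class an application legitimately expects, and the allowlist pattern and limits are illustrative choices (Java 9+).

```java
import java.io.*;

public class DeserializationFilterDemo {
    // Hypothetical application type that the service legitimately expects to receive.
    static final class TicketNote implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        TicketNote(String text) { this.text = text; }
    }

    // Vulnerable pattern: readObject() on untrusted bytes will instantiate any Serializable
    // class on the classpath, which is what a deserialization exploit relies on.
    static Object readUnfiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // Hardened pattern (JEP 290): an allowlist filter rejects every class except the
    // expected ones and caps graph depth and reference count before any object is created.
    static Object readFiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowOnlyTicketNote = ObjectInputFilter.Config.createFilter(
                TicketNote.class.getName() + ";java.lang.String;maxdepth=3;maxrefs=16;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(allowOnlyTicketNote);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new TicketNote("printer on floor 3 is jammed"));
        // Constructed stand-in for an unexpected class: any Serializable JDK type not on the allowlist.
        byte[] unexpected = serialize(new java.util.Date());
        System.out.println("unfiltered accepted: " + readUnfiltered(unexpected).getClass().getName());
        System.out.println("filtered accepted: " + ((TicketNote) readFiltered(expected)).text);
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The same allowlist can be applied process-wide through the jdk.serialFilter system property, which is the practical route when the deserializing code sits inside a third-party product rather than your own.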

CISA acknowledged the active exploitation of CVE-2024-28986 by adding it to its Known Exploited Vulnerabilities Catalog and requesting that users patch the flaw before September 5, 2024.

SolarWinds Web Help Desk (WHD) is a web-based IT help desk and asset management solution that combines IT ticketing with change management software. WHD helps IT departments gain visibility and control over their IT inventory, manage the lifecycle of assets, and optimize procurement and budget forecasting.

Affected Versions

The vulnerability affects SolarWinds Web Help Desk 12.8.3 and all previous versions.

Mitigation

Customers are advised to upgrade to SolarWinds Web Help Desk 12.8.3 HF 1 to patch the vulnerability.

For more information, please refer to the SolarWinds Security Advisory.

Qualys Detection

Qualys customers can launch scans with QIDs 380346 and 152160 to detect vulnerable assets and web applications.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
