Advisory warns of 9.8-rated vulnerability.
SolarWinds has instructed users to patch a critical vulnerability in its Web Help Desk solution.
The vulnerability, tracked as CVE-2024-28986, is a Java deserialization vulnerability that could be exploited to achieve remote code execution, reports IT Pro.
In an advisory, SolarWinds said: “SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.”
SolarWinds confirmed the vulnerability could be exploited, but noted that it had been unable to reproduce the flaw without authentication after “thorough testing”.
Despite this, the firm insisted users should apply the patch immediately. The flaw was given a severity score of 9.8, SolarWinds revealed, marking it as ‘critical’.
Written by
Dan Raywood
Senior Editor
SC Media UK