SolarWinds Web Help Desk vulnerability rated critical (CVSS 9.8)
SolarWinds Urges Patch for Critical Web Help Desk Vulnerability
SolarWinds has warned users of its Web Help Desk (WHD) IT help desk and ticketing application about a critical Java deserialization remote code execution vulnerability, tracked as CVE-2024-28986. The flaw carries a CVSS score of 9.8, which is critical severity. Shadowserver tagged the vulnerability for tracking on August 22, 2024.
The vulnerability affects SolarWinds Web Help Desk 12.8.3 and earlier. Users running these versions should apply the hotfix promptly: exploitation has been reported, and the vulnerability is listed in the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog.
One important caveat: the hotfix should not be applied to installations that use SAML single sign-on (SSO). SolarWinds has said a further patch will cover that scenario. The hotfix is available from the SolarWinds customer portal.
The hotfix does not require reinstalling the application. SolarWinds Web Help Desk 12.8.4 and later are not affected.
SolarWinds disclosed the vulnerability in an advisory published on a Tuesday and last updated on Friday. The company has not given a timeline for the patch that will cover SAML SSO deployments.
Web Help Desk is widely used by small and mid-sized businesses and by organisations with remote workforces. SolarWinds recommends that users test the hotfix in a non-production environment before rolling it out to production systems.
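The patching guidance above can be turned into a fleet check. The following Python script is an added example written for this article, not SolarWinds code: it parses Web Help Desk version strings, decides whether each install falls in the affected range (12.8.3 and earlier, with a hotfixed 12.8.3 treated as fixed) and applies the SAML SSO caveat. The inventory rows, the hostnames and the "12.8.3 Hotfix 1" version notation are constructed assumptions for illustration.

```python
"""Triage a list of SolarWinds Web Help Desk (WHD) installs against the
CVE-2024-28986 guidance: 12.8.3 and earlier are affected, 12.8.4 and later
are not, and the hotfix must be held back where SAML SSO is in use.

Added example, not SolarWinds code. Assumptions made here, not in the advisory:
  * version strings are dotted numerics, optionally followed by " Hotfix N"
  * a "12.8.3 Hotfix N" string denotes a 12.8.3 build with the hotfix applied
  * the inventory layout (hostname, version, uses_saml_sso) is invented
"""
import re

# From the advisory: the last affected release.
LAST_AFFECTED = (12, 8, 3)

_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)*)(?:\s+hotfix\s+(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Split '12.8.3 Hotfix 1' into ((12, 8, 3), 1); hotfix is 0 if absent."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised WHD version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    hotfix = int(match.group(2)) if match.group(2) else 0
    return parts, hotfix


def _pad(parts, width=3):
    """Right-pad a version tuple with zeros so '12.8' compares as 12.8.0."""
    return tuple(parts) + (0,) * (width - len(parts))


def is_affected(version_text):
    """True when the install is in the vulnerable range."""
    parts, hotfix = parse_version(version_text)
    parts = _pad(parts)
    if parts > LAST_AFFECTED:                    # 12.8.4 and later
        return False
    if parts == LAST_AFFECTED and hotfix >= 1:   # hotfixed 12.8.3 (assumption)
        return False
    return True                                  # plain 12.8.3, or anything older


def triage(version_text, uses_saml_sso):
    """Return the action the advisory implies for one install."""
    if not is_affected(version_text):
        return "not affected"
    if uses_saml_sso:
        return "affected; hold hotfix, SAML SSO caveat: await follow-up patch"
    return "affected; test hotfix in non-production, then apply"


# Constructed sample inventory: (hostname, version string, uses SAML SSO).
SAMPLE_INVENTORY = [
    ("whd-prod-01", "12.8.3", False),
    ("whd-prod-02", "12.8.3 Hotfix 1", False),
    ("whd-dev-01", "12.8.4", True),
    ("whd-legacy", "12.7.2", True),
]


def triage_inventory(inventory=SAMPLE_INVENTORY):
    """Map each hostname to its triage action."""
    return {host: triage(version, sso) for host, version, sso in inventory}


if __name__ == "__main__":
    for host, action in triage_inventory().items():
        print(f"{host:12} {action}")
```

Run it as a script to print one action per host, or import `triage_inventory` and feed it rows from your own asset inventory. Unrecognised version strings raise rather than silently passing as "not affected", so a badly populated CMDB field surfaces as an error instead of a missed host.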
The CISA KEV catalog lists only vulnerabilities with evidence of active exploitation, so the KEV entry is itself the public indication that CVE-2024-28986 is being exploited. SolarWinds' own advisory stops short of confirming exploitation and notes that the company was unable to reproduce the reported unauthenticated attack path, which is why it frames the hotfix as a precaution rather than an emergency response.
[1] Shadowserver (2024). CVE-2024-28986: SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability. https://www.shadowserver.org/wiki/index.php/CVE-2024-28986
[4] CISA (2025). Known Exploited Vulnerabilities (KEV) Catalog. https://www.cisa.gov/known-exploited-vulnerabilities
- CVE-2024-28986, a critical Java deserialization remote code execution vulnerability in SolarWinds Web Help Desk, is a priority for the small and mid-sized businesses and remote-work organisations that typically run the product.
- Exploitation of the vulnerability has been reported, and it is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Users on 12.8.3 or earlier should apply the hotfix promptly after testing it in a non-production environment; deployments using SAML SSO should wait for the follow-up patch SolarWinds has promised.