CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-28986

CVSS 9.8v3.1pub. 2024-08-13upd. 2025-10-27

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.   However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

🤖 AI Analysis
How it works

The vulnerability stems from unsafe Java deserialization (CWE-502) — the application processes untrusted input without proper validation, enabling embedding of malicious payloads. Successful exploitation allows an attacker to execute commands directly on the host machine. The vulnerability was originally reported as not requiring authentication, however SolarWinds was unable to reproduce the exploit without authentication after exhaustive testing — the authentication requirement remains ambiguous.

Impact

An attacker can gain full control over the server by executing arbitrary system commands remotely (RCE), which threatens the confidentiality, integrity, and availability of the entire system.

Mitigation & patch

The patch provided by SolarWinds must be applied immediately — WHD 12.8.3 Hotfix 1, available at the address indicated in the vendor's references (support.solarwinds.com). SolarWinds recommends applying the update to all Web Help Desk product users.

Who is affected

SolarWinds Web Help Desk — versions indicated in the vendor's references (patch available in version WHD 12.8.3 Hotfix 1)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Solarwinds Web Help Desk

    APP
    Solarwinds
    12.8.3≤ 12.8.2

CISA KEV — detailsi

Vendori
SolarWinds
Producti
Web Help Desk
Added to KEVi
August 15, 2024
Remediation deadline (US Federal)i
September 5, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 5 września 2024
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia

CVE-2025-26399CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację AjaxProxy w SolarWinds Web Help Desk (nieuwierzytelniony)

CVE-2024-28987CRITICAL9.1⚠ KEVPL ✓ten sam produkt

SolarWinds Web Help Desk – hardcoded credential umożliwia zdalny dostęp

CVE-2025-40552CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — pominięcie uwierzytelnienia (Auth Bypass)

CVE-2025-40553CRITICAL9.8PL ✓ten sam produkt

SolarWinds Web Help Desk — zdalne wykonanie kodu przez niebezpieczną deserializację