Skip to main content

An article from

Dive Brief

SolarWinds Web Help Desk CVE scores a 9.8

SolarWinds urged customers to patch the vulnerability that could allow an attacker to run commands on a host machine, while CISA added the CVE to its KEV catalog.

Published Aug. 16, 2024

David Jones Reporter

SolarWinds — Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images

Dive Brief:

SolarWinds is urging customers to patch a critical vulnerability in its Web Help Desk application, in a Tuesday advisory, which was last updated Friday.
The company disclosed a java deserialization remote code execution vulnerability that, if successfully exploited, could allow an attacker to run commands on a host machine. The vulnerability, listed as CVE-2024-28986, has a CVSS score of 9.8.
The Cybersecurity and Infrastructure Security Agency on Thursday added the CVE to its Known Exploited Vulnerabilities catalog.

Dive Insight:

SolarWinds Web Help Desk is a widely used application for IT management and help desk ticketing. The application is used by a variety of small to mid-sized businesses and companies with remote workers.

SolarWinds cautioned that while the issue was reported as an unauthenticated vulnerability, it was unable to reproduce the issue without prior authentication after conducting a thorough amount of testing.

The company said all users of the application should apply the hotfix out of an abundance of caution.

The company warned the patch should not be applied if security assertion markup language for single-sign on is utilized, as a new patch will be issued to address that scenario.

The issue impacts SolarWinds Web Help Desk versions 12.8.3 and earlier.

Filed Under: Vulnerability

Cybersecurity Dive news delivered to your inbox

Get the free daily newsletter read by industry experts

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.

Ethan Miller via Getty Images

MGM Resorts warns customers of fraud as it faces class action lawsuits

The plaintiffs claim the company was negligent for failing to protect customer data despite prior warnings about previous attacks.

By David Jones • Sept. 25, 2023
Philipp Tur/Getty Images Plus via Getty Images

What is success in cybersecurity? Failing less.

Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.

By Matt Kapko • April 26, 2024

Cybersecurity Dive news delivered to your inbox

Get the free daily newsletter read by industry experts

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.

Editors' picks

Ethan Miller via Getty Images

MGM Resorts warns customers of fraud as it faces class action lawsuits

The plaintiffs claim the company was negligent for failing to protect customer data despite prior warnings about previous attacks.

By David Jones • Sept. 25, 2023
Philipp Tur/Getty Images Plus via Getty Images

What is success in cybersecurity? Failing less.

Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.

By Matt Kapko • April 26, 2024

Latest in Vulnerability

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

By Matt Kapko
Microsoft revamps how it will disclose vulnerabilities

By David Jones
Citrix Session Recording users warned of CVEs that allow hackers to gain control

By David Jones
Zero-days from top security vendors were most exploited CVEs in 2023

By Matt Kapko

Get Cybersecurity Dive in your inbox

The free newsletter covering the top industry headlines

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.