OR
     *cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* versions up to (including) 12.8.2
     *cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 No Types Assigned

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 No Types Assigned

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 Vendor Advisory

2024-08-15

2024-09-05

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk was susceptible to a Java Deserialization  Remote Code Execution that would allow access to run commands on the host machine.

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. 

While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. 



While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  



However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

SolarWinds Web Help Desk was susceptible to a Java Deserialization  Remote Code Execution that would allow access to run commands on the host machine.

SolarWinds Web Help Desk was susceptible to a Java Deserialization  Remote Code Execution that would allow access to run commands on the host machine.

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. 



While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  



However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

SolarWinds AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SolarWinds CWE-502

SolarWinds Web Help Desk was susceptible to a Java Deserialization  Remote Code Execution that would allow access to run commands on the host machine.

SolarWinds https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 [No types assigned]

SolarWinds https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 [No types assigned]