Lucene search

AttackerKBAKB:F3DDBAB0-2B48-4A1A-8484-7D61CBE5AA76

HistoryAug 13, 2024 - 12:00 a.m.

CVE-2024-28986

2024-08-1300:00:00

attackerkb.com

solarwinds web help desk

java deserialization

remote code execution

patched vulnerability

authentication

host machine

patch available

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

JSON

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28986

support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

JSON

Related for AKB:F3DDBAB0-2B48-4A1A-8484-7D61CBE5AA76