SolarWinds is urging its customers to patch a critical vulnerability in its Web Help Desk platform, tracked as CVE-2024-28986. The vulnerability, a Java deserialization remote code execution (RCE) flaw, has a high-severity CVSS score of 9.8 and could allow an attacker to run commands on the host machine if exploited.
Left unpatched, the vulnerability will remain exploitable. SolarWinds recommends that all versions of Web Help Desk be upgraded to version 12.8.3 and then the hotfix installed. The vendor has been unable to reproduce the vulnerability without authentication after thorough testing.
Source: https://www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch