CVE-2024-28988

CRITICAL

9.8

Descripcion

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado9/1/2025

Ultima modificacion11/14/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

solarwinds:web_help_desk

Debilidades (CWE)

CWE-502

Referencias

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3(psirt@solarwinds.com)

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988(psirt@solarwinds.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.