SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

15-August-24

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances.


The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.


SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.


Separately, CVE-2024-5914 (CVSS score: 7.0) impacts all versions of Cortex XSOAR CommonScripts before 1.12.33.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the SolarWinds flaw CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. Federal agencies are required to apply the fixes by September 5, 2024.
