Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SolarWinds: Critical RCE Bug Requires Urgent Patch
The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.
1 Min Read
Source: SOPA Images Limited via Alamy Stock Photo
SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.
This vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by researchers at Inmarsat Government.
Left unpatched, the vulnerability will allow an attacker to run commands on the host machine if exploited, the researchers reported in the advisory.
"While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing," the advisory stated.
CVE-2024-28986 was given a CVSS v3 score of 9.8, underscoring how critical it is that Web Help Desk customers apply the patch, which is now readily available, immediately.
The vendor recommends that all versions of Web Help Desk should be upgraded to version 12.8.3, and then the hotfix should be installed.
About the Author
You May Also Like
More Insights
Webinars
