The US Cybersecurity and Infrastructure Security Agency (CISA) has included a vulnerability in SolarWinds Web Help Desk, known as CVE-2024-28986 (with a CVSS score of 9.8), in its catalog of Known Exploited Vulnerabilities (KEV).
This week, SolarWinds fixed a vulnerability in its Web Help Desk solution for customer support. The flaw is a Java deserialization issue that attackers can exploit to run commands on a vulnerable host, potentially leading to remote code execution.
By infosecbulletin
/ Sunday , July 20 2025
Hewlett-Packard Enterprise (HPE) warns that Aruba Instant On Access Points have hardcoded credentials, enabling attackers to skip normal authentication and...
Read More
By infosecbulletin
/ Sunday , July 20 2025
The Akira ransomware group increased its attacks, adding 12 new victims to its dark web portal from July 15 to...
Read More
By infosecbulletin
/ Saturday , July 19 2025
Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united...
Read More
By infosecbulletin
/ Saturday , July 19 2025
Google is suing 25 unidentified cybercriminals thought to be from China for running BADBOX 2.0, a major global botnet with...
Read More
By infosecbulletin
/ Saturday , July 19 2025
Oracle's July 2025 Critical Patch Update includes 309 new security patches, with 127 addressing remotely exploitable vulnerabilities. SecurityWeek found about...
Read More
By infosecbulletin
/ Saturday , July 19 2025
Cybersecurity researchers have revealed a new malware named MDifyLoader, linked to cyber attacks using security vulnerabilities in Ivanti Connect Secure...
Read More
By infosecbulletin
/ Saturday , July 19 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a crucial vulnerability in Fortinet FortiWeb in its Known Exploited Vulnerabilities...
Read More
By infosecbulletin
/ Saturday , July 19 2025
Security researcher Jeremiah Fowler discovered an online database exposing sensitive information from an adoption agency. Jeremiah Fowler Jeremiah specializes in...
Read More
By infosecbulletin
/ Friday , July 18 2025
A critical vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE-PIC, identified as CVE-2025-20337, has a CVSS score of...
Read More
By infosecbulletin
/ Thursday , July 17 2025
On Tuesday, Bangladesh Bank organized a special award ceremony at its headquarters in Dhaka to formally recognize and honor a...
Read More
SolarWinds explains that WHD is a cost-effective software used by big businesses and government organizations for Help Desk Ticketing and Asset Management.
“SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.” reads the advisory published by Solarwinds. “However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.”
CVE-2024-28986 affects all versions of Web Help Desk. Upgrade to WHD 12.8.3 and install the hotfix, as recommended by the software company.
Experts also suggest that private organizations should review the Catalog and fix any vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by September 5, 2024.