Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SolarWinds: Critical RCE Bug Requires Urgent Patch
The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.
1 Min Read
Source: SOPA Images Limited via Alamy Stock Photo
SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.
This vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by researchers at Inmarsat Government.
Left unpatched, the vulnerability will allow an attacker to run commands on the host machine if exploited, the researchers reported in the advisory.
"While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing," the advisory stated.
CVE-2024-28986 was given a CVSS v3 score of 9.8, underscoring how critical it is that Web Help Desk customers apply the patch, which is now readily available, immediately.
The vendor recommends that all versions of Web Help Desk should be upgraded to version 12.8.3, and then the hotfix should be installed.
About the Author
You May Also Like
More Insights
Webinars
Events
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024
_Tero_Vesalainen_Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)
