SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability


SolarWinds has released a hotfix to address a critical-severity vulnerability in Web Help Desk (WHD) that could be exploited remotely to execute arbitrary code.

Described as a Java deserialization remote code execution (RCE) issue and tracked as CVE-2024-28986 (CVSS score of 9.8), the security defect could allow attackers to run arbitrary commands on the host machine, SolarWinds notes in its advisory.
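The defect class SolarWinds names here, Java deserialization, is worth seeing in code. The following is an added illustration written for this page, not SolarWinds code and not a reproduction of CVE-2024-28986 (the advisory does not publish the affected code path). It contrasts the unsafe pattern, calling readObject() on client-supplied bytes with no restriction on what classes may be instantiated, with the JDK's ObjectInputFilter (JEP 290, Java 9+) allow-listing only the type the endpoint expects. The TicketUpdate message type and the Gadget class with a readObject hook are hypothetical stand-ins: a real gadget chain would use classes already on the application classpath, and the hook would run attacker-controlled behaviour rather than set a flag.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationFilterDemo {

    // Hypothetical message type the service legitimately expects from clients.
    static final class TicketUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final int ticketId;
        final String note;
        TicketUpdate(int ticketId, String note) { this.ticketId = ticketId; this.note = note; }
    }

    // Hypothetical stand-in for a gadget class: any Serializable class on the
    // classpath whose deserialization runs code. Here it only flips a flag.
    static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean hookRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            hookRan = true; // a real gadget would execute attacker-chosen behaviour here
        }
    }

    // Unsafe pattern: instantiate whatever class the stream names.
    static Object readUnfiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            return in.readObject();
        }
    }

    // Hardened pattern: allow-list the expected type, reject everything else,
    // and bound graph depth and stream size before any constructor or hook runs.
    static Object readFiltered(byte[] payload) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$TicketUpdate;java.lang.String;!*;maxdepth=5;maxbytes=65536");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(filter);
            return in.readObject(); // throws InvalidClassException on a rejected class
        }
    }

    // Helper to produce constructed sample payloads for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new TicketUpdate(42, "reassigned"));   // constructed sample
        byte[] hostile = serialize(new Gadget());                      // constructed sample

        // Unfiltered: both payloads deserialize, and the Gadget hook executes.
        readUnfiltered(legit);
        readUnfiltered(hostile);
        System.out.println("unfiltered: gadget hook ran = " + Gadget.hookRan);

        Gadget.hookRan = false;
        // Filtered: the expected type still works ...
        TicketUpdate t = (TicketUpdate) readFiltered(legit);
        System.out.println("filtered: accepted TicketUpdate #" + t.ticketId);
        // ... but the unexpected class is rejected before its readObject hook runs.
        try {
            readFiltered(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered: rejected (" + e.getMessage() + "), hook ran = " + Gadget.hookRan);
        }
    }
}
```

Compile and run with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo` on Java 9 or later. The point of the allow-list is ordering: the filter is consulted when the class descriptor is read, so a rejected class is never resolved or instantiated and none of its deserialization hooks execute. A process-wide default can also be set with the `jdk.serialFilter` system property, which is the usual first mitigation when the vulnerable code cannot be patched immediately.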

According to the enterprise software maker, although the bug is rated critical, exploiting it requires authentication.

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing,” the company notes.

CVE-2024-28986 affects Web Help Desk versions 12.4 through 12.8, but the hotfix can only be applied on top of Web Help Desk 12.8.3.1813, so installations running earlier builds must be upgraded to that version first.

SolarWinds recommends that all customers upgrade to Web Help Desk 12.8.3, download the hotfix from the SolarWinds Customer Portal, and install it as soon as possible.

The hotfix, the company says, automatically adds a JAR file to a subfolder of the Web Help Desk home folder and modifies two other files, but it also requires administrators to manually edit a file in the product’s config directory.

Detailed instructions on how to install the hotfix and which files need to be modified can be found in SolarWinds’ advisory.


“We recommend all Web Help Desk customers apply the patch, which is now available,” the company notes.

SolarWinds makes no mention of this vulnerability being exploited in the wild, but threat actors have previously targeted vulnerabilities in SolarWinds products, so applying the hotfix promptly is advisable regardless.

Web Help Desk is a helpdesk solution that provides customers with a ticketing system, a centralized knowledge base, the ability to manage services and assets, Active Directory integration, and more.

Related: Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager

Related: SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester

Related: SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

Related: Judge Dismisses Major SEC Charges Against SolarWinds and CISO
