CVE-2024-28986NVD

Vulnerability Summary

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

Severity Level

CRITICAL(9.8)

Published Date

Aug 13, 2024

Last Modified

Oct 21, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2024-28986NVD

Vulnerability Summary

External References