CVE-2024-28986

Published Aug 13, 2024

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-28986 is a Java deserialization remote code execution vulnerability found in SolarWinds Web Help Desk (WHD). If exploited, this vulnerability could allow an attacker to run commands on the host machine. The vulnerability affects SolarWinds Web Help Desk version 12.8.3 and all prior versions. SolarWinds recommends that all Web Help Desk customers apply the patch available in version 12.8.3 HF 1. CISA has added CVE-2024-28986 to its Known Exploited Vulnerabilities Catalog, indicating active exploitation.

Description
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Source: psirt@solarwinds.com
NVD status: Analyzed
Products: web_help_desk

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Exploit added on: Aug 15, 2024
Exploit action due: Sep 5, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@solarwinds.com: CWE-502

Social media

Hype score
Not currently trending
  1. Threat Alert: SolarWinds critical hardcoded credential bug under active exploit CVE-2024-28986 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/xYnSoa6BNQ #CyberSecurity #ThreatIntel #InfoSec (1/3)

    @fletch_ai

  2. SolarWinds issued a hotfix for CVE-2025-26399, a critical unauth RCE in Web Help Desk (AjaxProxy deserialization). It’s a patch bypass of CVE-2024-28988 → itself a bypass of CVE-2024-28986 (added to CISA KEV). Update now to Web Help Desk 12.8.7 HF1.

    @cyber_sec_raj

    27 Sept 2025

  3. ⚠️ Weekly vuln radar from https://t.co/8RzyA4ocnO: CVE-2025-20352 CVE-2025-20333 CVE-2025-20362 CVE-2025-25257 (@0x_shaq) CVE-2024-36401 (Steve Ikeoka) CVE-2025-10035 CVE-2025-10184 (Calum Hutton) CVE-2025-53690 (Andi Slok) CVE-2024-28986 https://t.co/HF5Ob5EPZO

    @ptdbugs

    26 Sept 2025

  4. 🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization. It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited. Given SolarWinds’ past, in-the-wild exploitation i

    @watchtowrcyber

    23 Sept 2025

  5. SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 ... https://t.co/IohyanNEko

    @pedri77

    10 Jun 2025

  6. Actively exploited CVE : CVE-2024-28986

    @transilienceai

    25 Oct 2024

Configurations