AI description
CVE-2024-28988 is a Java Deserialization Remote Code Execution (RCE) vulnerability affecting SolarWinds Web Help Desk (WHD). If exploited, this vulnerability allows an attacker to execute commands on the host machine. The vulnerability can be exploited without authentication. The flaw lies in the application's deserialization of data from an untrusted source without proper validation. By sending a malicious serialized object to the Web Help Desk, an attacker can include code designed to execute commands when the software deserializes the object. A hotfix has been released by SolarWinds to address this vulnerability.
- Description
- SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
- Source
- psirt@solarwinds.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-502
- Hype score
- Not currently trending
🚨🚨CVE-2024-28988 (CVSS: 9.8) : Remote Code Execution Vulnerability in SolarWinds Web Help Desk ⚠️This flaw could allow an unauthenticated attacker to run malicious commands on the system hosting the Web Help Desk, giving them near-unrestricted access. ZoomEye… https://t.co/jkr
@zoomeye_team
390 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/bplLP5JXgc
@patchnow24x7
16 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
#SolarWinds Web Help Desk Hit With Critical RCE Flaw (CVE-2024-28988, CVSS 9.8) Protect your organization from the critical flaw CVE-2024-28988 in SolarWinds' Web Help Desk. Understand the risks and learn how to mitigate them https://t.co/5w5XlSTnq9
@the_yellow_fall
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/fQMO6JWRT0
@patchnow24x7
35 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/4pvcrXGHT0
@patchnow24x7
419 Impressions
2 Retweets
1 Like
0 Bookmarks
1 Reply
2 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/KHcroLP54C
@patchnow24x7
241 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/5G2wmzmQgT
@patchnow24x7
29 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/mI2INzEclz
@patchnow24x7
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/HnSGU5DBbb
@patchnow24x7
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/Zia5CzfIx1
@patchnow24x7
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/IGRU0GKr81
@patchnow24x7
171 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/d9HU5Va0VO
@patchnow24x7
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-28988:: Remote Code Execution vulnerability in SolarWinds Web Help Desk.. #PatchNOW #SolarWinds #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/jO1f5cgAJo
@patchnow24x7
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Solarwinds fixes Critical vulnerability CVE-2024-28988 in WHD Product #Solarwinds #CVE-2024-28988 #WebHelpDesk https://t.co/1HoQDwW1HN
@pravin_karthik
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨🚨 SolarWinds Web Help Deskで認証なしのRCE脆弱性。 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability (CVE-2024-28988) https://t.co/d5Kqp07OQG
@autumn_good_35
506 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Remote Code Execution in @solarwinds Web Help Desk 12.8.3 HF2 and all previous versions. #CVE-2024-28988 CVSS: 9.8. Attackers can exploit this vulnerability to execute code on the server, allowing them to control the host machine. #RCE! #Patch https://t.co/mlqUegycgj
@CCBalert
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issues a third hotfix for CVE-2025-26399, a critical Java deserialization RCE in Web Help Desk that bypasses prior CVE-2024-28988 patch. Discovered by Trend Micro ZDI. #SolarWindsPatch #JavaFlaw #USA https://t.co/J8kOuo51B5
@TweetThreatNews
23 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization. It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited. Given SolarWinds’ past, in-the-wild exploitation i
@watchtowrcyber
23 Sept 2025
10148 Impressions
32 Retweets
79 Likes
26 Bookmarks
1 Reply
0 Quotes
[CVE-2025-26399: CRITICAL] SolarWinds Web Help Desk exposed to unauthenticated AjaxProxy deserialization vulnerability allowing remote code execution on host machine, an exploit bypassing CVE-2024-28988 and ...#cve,CVE-2025-26399,#cybersecurity https://t.co/pXeuC8QJKC https://t.c
@CveFindCom
23 Sept 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-28988 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run … https://t.co/aZyCgx6Tek
@CVEnew
1 Sept 2025
560 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[ZDI-25-407|CVE-2024-28988] SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 9.8; Credit: Guy Lederfein of Trend Micro Security Research) https://t.co/HM8GJwVmDV
@TheZDIBugs
18 Jun 2025
972 Impressions
2 Retweets
13 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-28988
@transilienceai
23 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-28988
@transilienceai
20 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SolarWinds WHD の RCE の脆弱性 CVE-2024-28988 が FIX:CVSS 値は 9.8 #RCE #SolarWinds #SolarWindsWHD #TrendMicro #Vulnerability #ZDI
@iototsecnews
28 Oct 2024
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: SolarWinds Web Help Desk Hit With Critical RCE Flaw (CVE-2024-28988, CVSS 9.8) CVE-2024-28987 CVE-2024-28988 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/vN5DGQLY2C #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
19 Oct 2024
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes