CVE-2024-28988
BaseFortify
Publication date: 2025-09-01
Last updated on: 2025-11-14
Assigner: SolarWinds
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solarwinds | web_help_desk | to 12.8.2 (inc) |
| solarwinds | web_help_desk | 12.8.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Java Deserialization Remote Code Execution flaw in SolarWinds Web Help Desk. It allows an attacker to execute arbitrary commands on the host machine without authentication by exploiting the way the application handles deserialization of data.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to run commands on the host machine, potentially leading to full system compromise, data theft, disruption of services, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch provided by SolarWinds for the Web Help Desk product as soon as possible to mitigate this vulnerability.