August 14, 2024 at 11:28AM
A critical vulnerability in SolarWinds’ Web Help Desk solution allows for remote code execution due to a Java deserialization flaw (CVE-2024-28986). The company released a hotfix for the issue, impacting all versions except 12.8.3 with the hotfix applied. Users are advised to upgrade to the latest version and apply the hotfix promptly.
Based on the meeting notes, the key takeaways are:
– SolarWinds’ Web Help Desk solution for customer support has a critical vulnerability (CVE-2024-28986) that could be exploited for remote code execution through Java deserialization.
– The vulnerability has a severity score of 9.8 and impacts all Web Help Desk versions except the latest one, 12.8.3, if the hotfix is applied.
– SolarWinds recommends all Web Help Desk customers upgrade to the latest release of the software and apply the hotfix as soon as possible.
– The hotfix is available as a ZIP archive and requires Web Help Desk 12.8.3.1813. Admins need to manually add and modify specific files for the patch to work.
– SolarWinds has published a support article with instructions on how to apply and remove the hotfix, as well as the importance of creating backup copies of the original files before applying the patch.