#JavaDeserialization

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

by

August 14, 2024 at 11:28AM A critical vulnerability in SolarWinds’ Web Help Desk solution allows for remote code execution due to a Java deserialization flaw (CVE-2024-28986). The company released a hotfix for the issue, impacting all versions except 12.8.3 with the hotfix applied. Users are advised to upgrade to the latest version and apply the … Read more

Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE

by

December 18, 2023 at 05:43PM An unpatched Java deserialization vulnerability in the Google Web Toolkit (GWT) open source application framework remains unresolved after over eight years. This flaw, which enables remote code execution, could potentially require significant framework fixes for vulnerable applications. According to research by Bishop Fox, addressing this issue may necessitate architectural changes … Read more