Advisory

SolarWinds fixes critical flaw in all Web Help Desk versions, patch now

Take action: The message from SolarWinds is clear and very direct: "All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed." You may not like it, but it's much easier to debate knowing this particular flaw can't be hacked.



SolarWinds has issued a security advisory regarding a critical vulnerability in its Web Help Desk (WHD) solution that could be exploited for remote code execution. Web Help Desk is widely used across large corporations, government agencies, healthcare, education, and help desk centers.

The vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), stems from a Java deserialization flaw that allows attackers to execute commands on a vulnerable host.

Although the vulnerability was initially reported as exploitable without authentication, SolarWinds' engineers could only reproduce it after authenticating. Despite this, the critical severity rating remains due to the significant potential impact.

All SolarWinds Web Help Desk versions are affected; the only exception is the latest release, version 12.8.3, with the hotfix applied. The company strongly urges all users to upgrade to this version and apply the patch immediately.

The hotfix, delivered as a ZIP archive, requires administrators to manually replace specific files within version 12.8.3.1813. SolarWinds advises creating backup copies of the original files before applying the hotfix to mitigate potential issues.

Detailed instructions for applying and removing the hotfix are available in a support article published by SolarWinds.
